Description of problem:
I find that ssh segfaults when trying to connect to some hosts today. e.g.

$ ssh localhost
Segmentation fault

Version-Release number of selected component (if applicable):
openssh-clients-4.3p2-19.fc6

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Will attach ssh -vvv output and strace output.
Created attachment 158417 [details] ssh -vvvv output
Created attachment 158418 [details] strace ssh localhost
Can you create a backtrace with gdb? (Install openssh-debuginfo too, so the backtrace is more meaningful.) Also what changed on the system when it suddenly started segfaulting? And what are your /etc/hosts file contents?
Disabling the GSSAPIAuthentication option in ssh_config seems to fix this problem.
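An added example, not code from the bug report or from the OpenSSH project, showing how the workaround above can be checked and applied to a client configuration file. The `gssapi_setting` helper reports the global GSSAPIAuthentication value of an ssh_config-style file (the sample configuration is constructed here), `disable_gssapi` writes a copy with the directive forced to `no`, and the last line shows the equivalent one-off override with `ssh -o`, which is a real OpenSSH client option but is only printed, not run.

```shell
#!/bin/sh
# Added example, not code from the bug report or from OpenSSH.
# Reports and applies the "GSSAPIAuthentication no" workaround in an
# ssh_config-style file. The sample config below is constructed for the demo.

# gssapi_setting FILE
# Prints the GSSAPIAuthentication value ("yes"/"no") from the global section
# of FILE, or "unset" if there is none. Like ssh(1), the first value found
# wins; the scan stops at the first Host/Match block, whose settings apply
# only to matching hosts.
gssapi_setting() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }          # comments and blank lines
        { gsub(/=/, " ") }                            # accept "Key=value" too
        tolower($1) == "host" || tolower($1) == "match" { exit }
        tolower($1) == "gssapiauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# disable_gssapi INFILE OUTFILE
# Copies INFILE to OUTFILE with every GSSAPIAuthentication directive rewritten
# to "no", preserving indentation so Host blocks keep their shape.
disable_gssapi() {
    awk '
        {
            line = $0; gsub(/=/, " ", line); n = split(line, f)
            if (n >= 2 && tolower(f[1]) == "gssapiauthentication") {
                match($0, /^[[:space:]]*/)
                print substr($0, 1, RLENGTH) "GSSAPIAuthentication no"
                next
            }
            print
        }' "$1" > "$2"
}

WEAK=$(mktemp) && FIXED=$(mktemp)
trap 'rm -f "$WEAK" "$FIXED"' EXIT

# Constructed sample: GSSAPI enabled globally (the crashing setup from the
# report) and a Host block using the "Key=value" spelling.
cat > "$WEAK" <<'EOF'
# sample ssh_config (constructed)
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Host internal.example
    GSSAPIAuthentication=yes
EOF

disable_gssapi "$WEAK" "$FIXED"

echo "before: GSSAPIAuthentication = $(gssapi_setting "$WEAK")"   # yes
echo "after:  GSSAPIAuthentication = $(gssapi_setting "$FIXED")"  # no

# One-off alternative that leaves the file untouched (only printed here):
echo 'or per invocation: ssh -o GSSAPIAuthentication=no localhost'
```

The per-invocation `-o GSSAPIAuthentication=no` form is handy for confirming that the crash really is tied to the GSSAPI code path before editing the system-wide ssh_config.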
With GSSAPIAuthentication enabled, the backtrace is:

Program received signal SIGSEGV, Segmentation fault.
0x004cd1c6 in gss_verify_mic () from /usr/lib/libgssapi_krb5.so.2
(gdb) bt
#0  0x004cd1c6 in gss_verify_mic () from /usr/lib/libgssapi_krb5.so.2
#1  0x80032195 in ssh_gssapi_import_name (ctx=0x805fb7d8, host=0x805fad30 "localhost.localdomain") at gss-genr.c:215
#2  0x800324d3 in ssh_gssapi_check_mechanism (ctx=0xbfbd8628, oid=0x805fb770, host=0x805fad30 "localhost.localdomain") at gss-genr.c:302
#3  0x800145ad in userauth_gssapi (authctxt=0xbfbd8714) at sshconnect2.c:499
#4  0x8001475d in userauth (authctxt=0xbfbd8714, authlist=<value optimized out>) at sshconnect2.c:341
#5  0x80014e2a in input_userauth_failure (type=51, seq=5, ctxt=0xbfbd8714) at sshconnect2.c:407
#6  0x8002c25b in dispatch_run (mode=0, done=0xbfbd8728, ctxt=0xbfbd8714) at dispatch.c:93
#7  0x800152ed in ssh_userauth2 (local_user=0x805f4360 "root", server_user=0x805f4378 "root", host=0x805f43f0 "localhost", sensitive=0x8004c940) at sshconnect2.c:308
#8  0x8000f771 in ssh_login (sensitive=0x8004c940, orighost=0xbfbd9aab "localhost", hostaddr=0x8004c8c0, pw=0x805ea4d8) at sshconnect.c:936
#9  0x80006ab7 in main (ac=0, av=0xbfbd8d2c) at ssh.c:734
Can you please install krb5-debuginfo package and try to produce the backtrace again?
(In reply to comment #6)
> Can you please install krb5-debuginfo package and try to produce the backtrace
> again?

Program received signal SIGSEGV, Segmentation fault.
0x00e131c6 in generic_gss_copy_oid (minor_status=0x8164580c, oid=0xbf83b8e4, new_oid=0xe2e3c0) at oid_ops.c:91
91      {
(gdb) bt
#0  0x00e131c6 in generic_gss_copy_oid (minor_status=0x8164580c, oid=0xbf83b8e4, new_oid=0xe2e3c0) at oid_ops.c:91
#1  0x80032195 in ssh_gssapi_import_name (ctx=0x81645808, host=0x81644d70 "localhost.localdomain") at gss-genr.c:215
#2  0x800324d3 in ssh_gssapi_check_mechanism (ctx=0xbf83b968, oid=0x816457a0, host=0x81644d70 "localhost.localdomain") at gss-genr.c:302
#3  0x800145ad in userauth_gssapi (authctxt=0xbf83ba54) at sshconnect2.c:499
#4  0x8001475d in userauth (authctxt=0xbf83ba54, authlist=<value optimized out>) at sshconnect2.c:341
#5  0x80014e2a in input_userauth_failure (type=51, seq=5, ctxt=0xbf83ba54) at sshconnect2.c:407
#6  0x8002c25b in dispatch_run (mode=0, done=0xbf83ba68, ctxt=0xbf83ba54) at dispatch.c:93
#7  0x800152ed in ssh_userauth2 (local_user=0x8163e420 "hpt", server_user=0x8163e380 "hpt", host=0x81642ab8 "localhost", sensitive=0x8004c940) at sshconnect2.c:308
#8  0x8000f771 in ssh_login (sensitive=0x8004c940, orighost=0xbf83d1f4 "localhost", hostaddr=0x8004c8c0, pw=0x816344d8) at sshconnect.c:936
#9  0x80006ab7 in main (ac=0, av=0xbf83c06c) at ssh.c:734
The new_oid value is corrupted. But after studying the relevant openssh and krb5 library code I am out of ideas how it could happen. I cannot reproduce the crash here so it is impossible for me to debug it. Nalin, do you have any ideas how that corruption could happen?
Fedora apologizes that these issues have not been resolved yet. We're sorry it's taken so long for your bug to be properly triaged and acted on. We appreciate the time you took to report this issue and want to make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6, please note that Fedora no longer maintains these releases. We strongly encourage you to upgrade to a current Fedora release. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained and closing them.

http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days from now, it will be closed 'WONTFIX'. If you can reproduce this bug in the latest Fedora version, please change to the respective version. If you are unable to do this, please add a comment to this bug requesting the change.

Thanks for your help, and we apologize again that we haven't handled these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
to ensure this doesn't happen again.

And if you'd like to join the bug triage team to help make things better, check out http://fedoraproject.org/wiki/BugZappers
It seems this problem has been fixed in Fedora 8.