Bug 30562 - 7.1RC2 Upgrade openssh has problem with /usr/X11R6/bin/xauth
7.1RC2 Upgrade openssh has problem with /usr/X11R6/bin/xauth
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-03-04 12:34 EST by R P Herrold
Modified: 2008-05-01 11:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-02-10 21:33:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description R P Herrold 2001-03-04 12:34:46 EST
Upgrading to 7.1RC2, I received this rather unusial circumstance --

[herrold@couch herrold]$  ssh 172.16.33.161
herrold@172.16.33.161's password:
Last login: Sun Mar  4 12:22:35 2001 from couch.basement.
sh: /usr/X11R6/bin/xauth: No such file or directory
Connection to 172.16.33.161 closed.
[herrold@couch herrold]$  ssh root@172.16.33.161
root@172.16.33.161's password:
Last login: Sun Mar  4 12:13:25 2001
sh: /usr/X11R6/bin/xauth: No such file or directory
[root@dhcp161 /root]# ls                                         

============================
That is, it looks as though the sshd is not properly handling the absence
of /usr/X11R6/bin/xauth, as NON-root, and dying off 

-- Ask if you need more version information ..
 
[root@dhcp161 /root]# rpm -qa | grep open
openldap-clients-2.0.7-12
openssl-devel-0.9.5a-27
openssh-2.5.1p1-5
openldap-2.0.7-12
openldap-devel-2.0.7-12
openssl-0.9.5a-27
openssh-clients-2.5.1p1-5
openssh-server-2.5.1p1-5
[root@dhcp161 /root]#
Comment 1 R P Herrold 2001-03-04 12:44:14 EST
Here is a bit more -- this is a server install -- and then went to pop an xterm
only through the tunnel back to my console ... no xterm ...

Note also the connection reset -- I orten get this on a first connectionto a
remote host -- just irritating with an interactive console -- ratehr more
serious if doing a rsync tunneled freshen ...


[couch is the stable RH 7.0 -- dhcp161 is the unit under test]
 
[herrold@couch herrold]$ rpm -qf `which xterm`
XFree86-4.0.1-1
[herrold@couch herrold]$  ssh root@172.16.33.161
ssh_exchange_identification: read: Connection reset by peer
[herrold@couch herrold]$  ssh root@172.16.33.161
root@172.16.33.161's password:
Last login: Sun Mar  4 12:23:27 2001 from couch.basement.net
sh: /usr/X11R6/bin/xauth: No such file or directory
[root@dhcp161 /root]# rpm -q XFree86
package XFree86 is not installed
[root@dhcp161 /root]#                                                 
Comment 2 Glen Foster 2001-03-05 15:45:22 EST
This defect considered a show-stopper (MUST-FIX) for Florence GOLD release
Comment 3 Nalin Dahyabhai 2001-03-08 18:36:08 EST
The message indicates that the client is closing the connection, not the
server.  Which version of openssh/openssl do you have installed on the client? 
When you run 'ssh -v root@172.16.33.161' on the client, what do you see before
the connection is closed unexpectedly?

I haven't been able to reproduce with openssl-0.9.5a-14 and openssh-2.3.0p1-16
on the client, talking to openssl-0.9.6-2 and openssh-2.5.1p1-7 on the server
end (tried several times -- got the message about xauth not being present, but I
always get a shell prompt).
Comment 4 R P Herrold 2001-03-09 21:09:40 EST
In the source host, it looks open the OpenSSH portable of recent vintage

[root@pokey /root]# rpm -qa | grep -i open
open-1.4-7
openssh-clients-2.3.0p1-1
openssh-2.3.0p1-1
openssh-askpass-2.3.0p1-1
openssh-server-2.3.0p1-1
openssh-askpass-gnome-2.1.1p2-1
openssl-0.9.5a-2.6.x
openssl-devel-0.9.5a-2.6.x
openldap-1.2.9-6
[root@pokey /root]# rpm -qi openssh
Name        : openssh                      Relocations: (not relocateable)
Version     : 2.3.0p1                           Vendor: Owl River Company
Release     : 1                             Build Date: Wed Nov 22 17:39:03
2000Install date: Sun Nov 26 10:35:05 2000      Build Host:
swampfox.owlriver.com
Group       : Applications/Internet         Source RPM:
openssh-2.3.0p1-1.src.rpm
Size        : 255769                           License: BSD
Packager    : Damien Miller <djm@mindrot.org>
URL         : http://www.openssh.com/
Summary     : OpenSSH free Secure Shell (SSH) implementation
Description :
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
 
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
 
This package includes the core files necessary for both the OpenSSH
client and server.  To make this package useful, you should also
install openssh-clients, openssh-server, or both.
[root@pokey /root]#                 

-----------------------

Ask if you need the SRPMs ...
Comment 5 Preston Brown 2001-03-13 18:07:23 EST
nalin, any luck reproducing this one / tracking it down?
Comment 6 Nalin Dahyabhai 2001-03-13 18:59:41 EST
None as such -- Tim and I can both reproduce the error message, but the
unexpected close of the connection isn't happening on my test box, even when I
roll back to the 7.0 errata ssh client or server (which are also 2.3.0p1).

These are Damien's packages for RHL 6.2, most likely rebuilt against the
openssl packages released for 6.2, so there shouldn't be a binary-compatibility
issue lurking in there.

Herrold, do you have the output of "ssh -v" from the client?
Comment 7 R P Herrold 2001-03-13 22:37:09 EST
hmmm --- local host (couch) is running openssh-portible locally compiled on a
7.0 upgrade host, updated daily ... Note that I get the connection reset on the
FIRST connection (warming it up) -- and then immediately retry and get in ... 
wierd ...

[herrold@couch herrold]$ ssh 172.16.33.164
Read from socket failed: Connection reset by peer
[herrold@couch herrold]$ ssh 172.16.33.164
The authenticity of host '172.16.33.164 (172.16.33.164)' can't be established.
RSA key fingerprint is 42:4d:1e:71:7d:f0:5c:21:fc:69:61:e4:28:ab:dd:95.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.33.164' (RSA) to the list of known hosts.
herrold@172.16.33.164's password:
Read from remote host 172.16.33.164: Connection reset by peer
Connection to 172.16.33.164 closed.
[herrold@couch herrold]$ rpm -qa | grep openss
openssl-python-0.9.5a-14
openssl-devel-0.9.5a-24
Connection to 172.16.33.164 closed.

------------------------------

and on (dhcp164) the QA0309 upgrade from a 7.1RC2 install ..

[herrold@couch herrold]$ ssh -v 172.16.33.164
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to 172.16.33.164 [172.16.33.164] port 22.
debug: Allocated local port 1022.
debug: Connection established.
debug: identity file /home/herrold/.ssh/identity type 0
debug: identity file /home/herrold/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.5.1p1
debug: Seeding random number generator
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss,ssh-rsa
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1017/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host '172.16.33.164' is known and matches the RSA host key.
debug: Found key in /home/herrold/.ssh/known_hosts2:25
debug: bits set: 1030/2049
debug: ssh_rsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue:
publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: key does not exist: /home/herrold/.ssh/id_dsa
debug: next auth method to try is password
herrold@172.16.33.164's password:
debug: ssh-userauth2 successful: method password
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: Requesting X11 forwarding with authentication spoofing.
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 16384
Last login: Wed Mar 14 03:34:34 2001 from couch.basement.net
sh: /usr/X11R6/bin/xauth: No such file or directory
[herrold@dhcp164 herrold]$ rpm -qa | grep openss
openssl-devel-0.9.6-2
openssl-0.9.6-2
openssh-2.5.1p1-7
openssh-server-2.5.1p1-7
openssl095a-0.9.5a-1
openssh-clients-2.5.1p1-7
openssl-perl-0.9.6-2
[herrold@dhcp164 herrold]$   

==============================

Going back toward the couch ...

 
[herrold@dhcp164 herrold]$
[herrold@dhcp164 herrold]$ ssh -v couch
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to couch [172.16.33.101] port 22.
debug: Allocated local port 1023.
debug: Connection established.
debug: identity file /home/herrold/.ssh/identity type 3
debug: identity file /home/herrold/.ssh/id_dsa type 3
debug: Remote protocol version 1.5, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'couch (172.16.33.101)' can't be established.
RSA1 key fingerprint is 38:d4:69:9e:cb:96:81:68:d2:2b:6b:6f:b9:33:c2:39.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'couch,172.16.33.101' (RSA1) to the list of known
hosts.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
herrold@couch's password:
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
debug: Entering interactive session.
Last login: Tue Mar 13 21:41:50 2001
[herrold@couch
herrold]$                                                               

Hope this sheds some light ...
Comment 8 R P Herrold 2001-03-13 22:40:31 EST
host 'pokey' is at my office, and is a 6.2, updated daily host, but again, with
an anticipatory openssh/openssl from the openssh portible site
Comment 9 R P Herrold 2001-03-14 09:41:52 EST
... The versions at my office machine 'pokey' are also the OpenSSH portible
project ones of fairly recent vintage

[herrold@pokey herrold]$ rpm -qi openssh
Name        : openssh                      Relocations: (not relocateable)
Version     : 2.3.0p1                           Vendor: Owl River Company
Release     : 1                             Build Date: Wed Nov 22 17:39:03 2000
Install date: Sun Nov 26 10:35:05 2000      Build Host: swampfox.owlriver.com
Group       : Applications/Internet         Source RPM: openssh-2.3.0p1-1.src.rp
m
Size        : 255769                           License: BSD
Packager    : Damien Miller <djm@mindrot.org>
URL         : http://www.openssh.com/
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
 
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
 
This package includes the core files necessary for both the OpenSSH
client and server.  To make this package useful, you should also
install openssh-clients, openssh-server, or both.
[herrold@pokey herrold]$ rpm -qa | grep ^opens
openssh-clients-2.3.0p1-1
openssh-2.3.0p1-1
openssh-askpass-2.3.0p1-1
openssh-server-2.3.0p1-1
openssh-askpass-gnome-2.1.1p2-1
openssl-0.9.5a-2.6.x
openssl-devel-0.9.5a-2.6.x
[herrold@pokey herrold]$   

Hope this helps ...
Comment 10 Glen Foster 2001-03-15 14:38:44 EST
Defect down-graded to "Should fix" for Florence release.
Comment 11 R P Herrold 2001-05-02 23:50:59 EDT
Still broken in RH 7.1 gold ...

 
bash-2.04$ ssh 172.16.33.163
The authenticity of host '172.16.33.163 (172.16.33.163)' can't be established.
RSA key fingerprint is fa:30:ba:f4:ee:74:e1:82:3c:a2:d3:ce:bf:29:e7:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.33.163' (RSA) to the list of known hosts.
herrold@172.16.33.163's password:
sh: /usr/X11R6/bin/xauth: No such file or directory
[herrold@dhcp163 herrold]$ ls-al /usr/X11R6/bin
bash: ls-al: command not found
[herrold@dhcp163 herrold]$ ls -al /usr/X11R6/bin
total 192
drwxr-xr-x    2 root     root         4096 May  2 15:36 .
drwxr-xr-x    7 root     root         4096 May  2 15:25 ..
-rwxr-xr-x    1 root     root        26496 Mar 30 21:51 fsinfo
-rwxr-xr-x    1 root     root        32888 Mar 30 21:51 fslsfonts
-rwxr-xr-x    1 root     root        31736 Mar 30 21:51 fstobdf
-rwxr-xr-x    1 root     root        11696 Mar 30 21:51 mkfontdir
-rwxr-xr-x    1 root     root        72044 Mar 30 21:51 xfs
[herrold@dhcp163 herrold]$ rpm -q openssh
openssh-2.5.2p2-5
[herrold@dhcp163 herrold]$ rpm -q redhat-release
redhat-release-7.1-1
[herrold@dhcp163 herrold]$
Comment 12 R P Herrold 2001-05-02 23:59:04 EDT
This was on a default server install ... perhaps a better solution is to split
xauth out into a separate package in building X, and just install it?
Comment 13 Pekka Savola 2001-05-11 16:57:09 EDT
I've experienced this, on and off.  For me, root is also bad.

Some versions appear not to have been problematic.

Anyway, openssh-2.9p1-2 from rawhide should fix this by disabling X11 forwarding if xauth is missing.
Comment 14 R P Herrold 2002-02-10 21:33:33 EST
This seems to have been solved -- I have not observed it with the last released
updated.  It may be closed, if you concur; I will re-open if it recurs.

-- Russ herrold

Note You need to log in before you can comment on or make changes to this bug.