Bug 484459 - ssh - buffer_get_ret: trying to get more bytes 4 than in buffer 0
ssh - buffer_get_ret: trying to get more bytes 4 than in buffer 0
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: gnome-keyring (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomáš Bžatek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-06 17:27 EST by John Ellson
Modified: 2015-03-03 17:34 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-02-15 10:50:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Ellson 2009-02-06 17:27:00 EST
Description of problem:
Some rawhide update today broke ssh, but I can't work out what!  I tried backing down openssh to an earlier release, but that didn't fix it.  Reporting against openssh anyway.

As a regular user, ssh fails with:
   buffer_get_ret: trying to get more bytes 4 than in buffer 0
   buffer_get_int: buffer error

(Really helpful error message, NOT!   Try googling for:
  "buffer_get_ret: trying to get more bytes 4 than in buffer 0"
to see how common it is!)

As root, ssh to the same target works.

Version-Release number of selected component (if applicable):
openssh-5.1p1-6.fc11.x86_64

How reproducible:
100%

Steps to Reproduce:
1.ssh -vvv bock
2.
3.
  
Actual results:
...
debug1: Host 'bock' is known and matches the RSA host key.
debug1: Found key in /home/ellson/.ssh/known_hosts:57
debug2: bits set: 514/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
buffer_get_ret: trying to get more bytes 4 than in buffer 0
buffer_get_int: buffer error
 


Expected results:
1. Working ssh.
2. Greatly improved errors messages!


Additional info:
Comment 1 John Ellson 2009-02-06 17:51:00 EST
The problem seems to be caused by my id_dsa key ???   Removing that and the id_rsa key works fine.

I use that dsa key in a lot of places, so I don't want to remove it permanently.
Whats going on?

A working rsa public key:

debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ellson/.ssh/id_rsa (0x2880550)
debug3: input_userauth_banner


Same site, with the id_dsa & id_dsa.pub restored into .ssh/ 

debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
buffer_get_ret: trying to get more bytes 4 than in buffer 0
buffer_get_int: buffer error
Comment 2 Tomas Mraz 2009-02-09 06:18:43 EST
What have you upgraded - client or server? What is the openssh version on the other end? What happens if you do 'unset SSH_AUTH_SOCK' before running the ssh client?
Comment 3 Tomáš Bžatek 2009-02-09 07:22:23 EST
Same here, today's rawhide, cannot connect from client to server.

client:
openssh-5.1p1-6.fc11.x86_64
openssl-0.9.8j-7.fc11.x86_64
glibc-2.9.90-3.x86_64
gcc-4.4.0-0.16.x86_64

server:
openssh-5.1p1-6.fc11.i386
openssl-0.9.8j-6.fc11.i686
glibc-2.9.90-3.i686
gcc-4.3.2-7.i386


Removing ~/.ssh/known_hosts didn't help.

Unsetting SSH_AUTH_SOCK helped.

$ echo $SSH_AUTH_SOCK
/tmp/keyring-c543Ad/socket.ssh

So... this looks like gnome-keyring error :-/
Comment 4 Tomas Mraz 2009-02-09 07:29:05 EST
Yes, if unsetting SSH_AUTH_SOCK helps and it points to gnome-keyring and not regular ssh_agent it is gnome-keyring bug.
Comment 5 John Ellson 2009-02-09 13:07:58 EST
Using ssh from a ssh login session, without a desktop and with no SSH_AUTH_SOCK
set, works ok.    When I get back home tonight I'll see if SSH_AUTH_SOCK
is set and if unsetting it helps me,  but that seems likely based on Comment #4.
Comment 6 John Ellson 2009-02-09 13:10:38 EST
Oh yes, only my client was updated to fc11 rpms.  The servers are all fc10
or less.
Comment 7 John Ellson 2009-02-09 17:52:51 EST
Confirming "unset SSH_AUTH_SOCK" fixes the issue for me too.
Comment 8 Matthias Clasen 2009-02-13 19:28:44 EST
What version of gnome-keyring ?
What arch ?
Comment 9 John Ellson 2009-02-13 20:47:45 EST
gnome-keyring-2.25.90-4.fc11

x86_64

I can't reproduce this bug on a similarly equipped i386 box.
Comment 10 John Ellson 2009-02-13 20:57:27 EST
Reverting to gnome-keyring-2.25.5-1.fc11.x86_64 make ssh work again, although
it gives an error message:

ellson@ontap:Desktop> ssh penguin
Error reading response length from authentication socket.
Last login: Fri Feb 13 20:43:53 2009 from ontap.ellson.com
ellson@penguin:~>
Comment 11 Matthias Clasen 2009-02-14 20:14:43 EST
Can you retry with 2.25.91 ? 
It contains some more 64bit fixes.
Comment 12 John Ellson 2009-02-15 07:46:19 EST
Everything seems to work with gnome-keyring-2.25.91-1.fc11.x86_64


Thanks
Comment 13 Einer Petersen 2009-06-16 01:57:33 EDT
Hey Guys, the bug is back in version gnome-keyring-2.26.1-1.fc11.x86_64

Symptoms/process same as above postings.

Fedora 11 x86_64

Einer

Note You need to log in before you can comment on or make changes to this bug.