Description of problem: When I try to log in as a user that doesn't exist, the SSH server crashes. Version-Release number of selected component (if applicable): OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012 How reproducible: Always Steps to Reproduce: 1. Log in from any computer as a user that doesn't exist 2. Type any string as password and hit return Actual results: Connection is closed. The messages below are shown in /var/log/messages on the server: Sep 23 22:30:54 blackhole kernel: [ 8535.399440] sshd[10952] general protection ip:7f5d87e38377 sp:7ffffaa225f0 error:0 in libc-2.15.so[7f5d87df0000+1ac000] Sep 23 22:30:54 blackhole abrtd: Directory 'ccpp-2012-09-23-22:30:54-10952' creation detected Sep 23 22:30:54 blackhole abrt[11931]: Saved core dump of pid 10952 (/usr/sbin/sshd) to /var/spool/abrt/ccpp-2012-09-23-22:30:54-10952 (3104768 bytes) Sep 23 22:30:54 blackhole abrtd: Generating backtrace Sep 23 22:30:54 blackhole abrtd: Duplicate: core backtrace Sep 23 22:30:54 blackhole abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2012-08-30-20:58:20-11746 Sep 23 22:30:54 blackhole abrtd: Corrupted or bad directory '/var/spool/abrt/ccpp-2012-09-23-22:30:54-10952', deleting Expected results: I should be prompted for a password again. Additional info: I have attempted to remove packages I don't use. I may have removed something related to SSH, but this is an unacceptable result anyway. There is no entry in abrt for the crashes. I have tried to remove all customization in /etc/ssh/sshd_config .
Sorry, I forgot something: If I try to log in as a user that exists, but is not in AllowUsers (e.g. root), there is no crash.
Unfortunately, I cannot reproduce the crash on my Fedora 17 virtual machine. We would need at least usable backtrace to be able to investigate the crash further. Also you're mentioning AllowUsers - do you use this option in /etc/ssh/sshd_config?
Created attachment 617067 [details] ABRT generated crash info
abrt chokes on the crash but I uploaded the info minus the core dump (left out because of possible security issues). I have changed AllowUsers, AuthorizedKeysFile and "Subsystem sftp", but I tried to remove those customizations.
Here is the backtrace, so you don't have to look in the .tgz: ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x48377 vfprintf /lib64/libc.so.6 e6c4e24910e190033df6d73ab31100b0ea843e61 ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x108f51 __vasprintf_chk /lib64/libc.so.6 83615b9fc4ab9c55244e3f5f61594f1ebdc0e4fb ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x108e82 __asprintf_chk /lib64/libc.so.6 ea0d6c0e15ce18e667f83f7eaf7f339c0936f364 245b9501b827b5c91b3d169af67b96c1c4d7c5b2 0x1c86 - /lib64/security/pam_ecryptfs.so e91e89c0e2841a03ed272ead9e725fd34fcb4ca4 245b9501b827b5c91b3d169af67b96c1c4d7c5b2 0x1d7d pam_sm_authenticate /lib64/security/pam_ecryptfs.so 3404692b3b2393cfa3dcb0482d867c4c33344b91 372e0854be0d6a18633d579d34320e8e9cb2ec5d 0x30c4 - /lib64/libpam.so.0 5242e8cf5a275548d99caf45c7c1cd23c5add91a 372e0854be0d6a18633d579d34320e8e9cb2ec5d 0x2890 pam_authenticate /lib64/libpam.so.0 d536b5283eeb62d7a9e93810b035611bad9a50af e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x36676 - - - e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x10a2b - - - e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x299c2 - - - e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x2ae48 - - - e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x2be6b - - - e12ee4180c2972fe88d8ed06f98d11909de71fd3 0xdbea - - - ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x21735 __libc_start_main /lib64/libc.so.6 075acda5d3230e115cf7c88597eaba416bdaa6bb e12ee4180c2972fe88d8ed06f98d11909de71fd3 0xe739 - - -
Reassigning to ecryptfs-utils as the source of the crash is in the pam_ecryptfs module.
reproducible