Bug#257514: ssh: even more info

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#257514: ssh: even more info
From: Andres Salomon <dilinger@voxel.net>
Date: Sat, 03 Jul 2004 19:48:24 -0400
Message-id: <20040703234824.AB9222F4114@toaster.hq.voxel.net>
Reply-to: Andres Salomon <dilinger@voxel.net>, 257514@bugs.debian.org

Package: ssh
Version: 1:3.8p1-3
Severity: normal
Followup-For: Bug #252676

The bug was (finally) triggered again.  Here's what it looks like:


dilinger@toaster:~/src$ ssh -vvv sloth
OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to sloth [69.9.160.254] port 22.
debug1: Connection established.
debug1: identity file /home/dilinger/.ssh/identity type -1
debug1: identity file /home/dilinger/.ssh/id_rsa type -1
debug1: identity file /home/dilinger/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

Nothing shows up in any of my logs (not even an "sshd: connected
from..").

Here's an strace of the sshd process listening on port 22:
Process 29872 attached - interrupt to quit
select(15, [3 5 6 7 8 9 10 11 12 13 14], NULL, NULL, NULL) = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(51083),
sin_addr=inet_addr("66.109.37.2")}, [16]) = 4
fcntl64(4, F_SETFL, O_RDONLY)           = 0
close(4)                                = 0
select(15, [3 5 6 7 8 9 10 11 12 13 14], NULL, NULL, NULL <unfinished
...>
Process 29872 detached

(which looks fine to me..)

Here's the ltrace (w/ debugging turned on):

DEBUG: elf.c:44: do_init_elf(): Reading ELF from /proc/29872/exe...
DEBUG: breakpoints.c:85: enable_all_breakpoints(): Enabling breakpoints
for pid 29872...
DEBUG: process_event.c:70: process_event(): event: none
DEBUG: process_event.c:85: process_event(): event: syscall
(SYS__newselect [142])
DEBUG: process_event.c:89: process_event(): event: sysret
(SYS__newselect [142])DEBUG: process_event.c:85: process_event(): event:
syscall (SYS_socketcall [102])
DEBUG: process_event.c:89: process_event(): event: sysret
(SYS_socketcall [102])DEBUG: process_event.c:85: process_event(): event:
syscall (SYS_fcntl64 [221])
DEBUG: process_event.c:89: process_event(): event: sysret (SYS_fcntl64
[221])
DEBUG: process_event.c:85: process_event(): event: syscall (SYS_close
[6])
DEBUG: process_event.c:89: process_event(): event: sysret (SYS_close
[6])
DEBUG: process_event.c:85: process_event(): event: syscall
(SYS__newselect [142])
DEBUG: ltrace.c:56: signal_exit(): Received interrupt signal; exiting...
DEBUG: process_event.c:89: process_event(): event: sysret
(SYS__newselect [142])DEBUG: process_event.c:73: process_event(): event:
signal (SIGSTOP [19])
DEBUG: breakpoints.c:103: disable_all_breakpoints(): Disabling
breakpoints for pid 29872...
DEBUG: process_event.c:135: remove_proc(): Removing pid 29872


The only thing that looks different in its /proc/<pid>/maps is
40046000-4012e000 r-xp 00000000 21:03 2315780
/usr/lib/i686/cmov/libcrypto.so.0.9.7.dpkg-new (deleted)
4012e000-4013f000 rw-p 000e8000 21:03 2315780
/usr/lib/i686/cmov/libcrypto.so.0.9.7.dpkg-new (deleted)


I added a bunch of debug/audit stuff to pam auth files, but it doesn't
seem to affect sshd; I suspect I'll need to HUP/restart it (and I won't
be able to trigger the bug again).  So, if you have any suggestions for
further debugging, let me know.  Otherwise, I'll probably have to
restart ssh sometime within the next few days.



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.24-grsec+mremap
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.53         Add and remove users and
groups
ii  debconf                     1.4.25       Debian configuration
management sy
ii  dpkg                        1.10.21      Package maintenance system
for Deb
ii  libc6                       2.3.2.ds1-12 GNU C Library: Shared
libraries an
ii  libpam-modules              0.76-21      Pluggable Authentication
Modules f
ii  libpam-runtime              0.76-21      Runtime support for the PAM
librar
ii  libpam0g                    0.76-21      Pluggable Authentication
Modules l
ii  libssl0.9.7                 0.9.7d-3     SSL shared libraries
ii  libwrap0                    7.6.dbs-3    Wietse Venema's TCP
wrappers libra
ii  zlib1g                      1:1.2.1-5    compression library -
runtime

-- debconf information:
* ssh/privsep_tell: 
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
  ssh/ssh2_keys_merged: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
  ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/SUID_client: true

Reply to:

Follow-Ups:
- Bug#257514: marked as done (ssh: even more info)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#257324: FTBFS: illegal instruction on ARM
Next by Date: Bug#257524: ssh: scp progress meter disabled when stderr is redirected
Previous by thread: Bug#257324: FTBFS: illegal instruction on ARM
Next by thread: Bug#257514: marked as done (ssh: even more info)
Index(es):
- Date
- Thread