Bug#257514: ssh: even more info
Package: ssh
Version: 1:3.8p1-3
Severity: normal
Followup-For: Bug #252676
The bug was (finally) triggered again. Here's what it looks like:
dilinger@toaster:~/src$ ssh -vvv sloth
OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to sloth [69.9.160.254] port 22.
debug1: Connection established.
debug1: identity file /home/dilinger/.ssh/identity type -1
debug1: identity file /home/dilinger/.ssh/id_rsa type -1
debug1: identity file /home/dilinger/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
Nothing shows up in any of my logs (not even an "sshd: connected
from..").
Here's an strace of the sshd process listening on port 22:
Process 29872 attached - interrupt to quit
select(15, [3 5 6 7 8 9 10 11 12 13 14], NULL, NULL, NULL) = 1 (in [3])
accept(3, {sa_family=AF_INET, sin_port=htons(51083),
sin_addr=inet_addr("66.109.37.2")}, [16]) = 4
fcntl64(4, F_SETFL, O_RDONLY) = 0
close(4) = 0
select(15, [3 5 6 7 8 9 10 11 12 13 14], NULL, NULL, NULL <unfinished
...>
Process 29872 detached
(which looks fine to me..)
Here's the ltrace (w/ debugging turned on):
DEBUG: elf.c:44: do_init_elf(): Reading ELF from /proc/29872/exe...
DEBUG: breakpoints.c:85: enable_all_breakpoints(): Enabling breakpoints
for pid 29872...
DEBUG: process_event.c:70: process_event(): event: none
DEBUG: process_event.c:85: process_event(): event: syscall
(SYS__newselect [142])
DEBUG: process_event.c:89: process_event(): event: sysret
(SYS__newselect [142])DEBUG: process_event.c:85: process_event(): event:
syscall (SYS_socketcall [102])
DEBUG: process_event.c:89: process_event(): event: sysret
(SYS_socketcall [102])DEBUG: process_event.c:85: process_event(): event:
syscall (SYS_fcntl64 [221])
DEBUG: process_event.c:89: process_event(): event: sysret (SYS_fcntl64
[221])
DEBUG: process_event.c:85: process_event(): event: syscall (SYS_close
[6])
DEBUG: process_event.c:89: process_event(): event: sysret (SYS_close
[6])
DEBUG: process_event.c:85: process_event(): event: syscall
(SYS__newselect [142])
DEBUG: ltrace.c:56: signal_exit(): Received interrupt signal; exiting...
DEBUG: process_event.c:89: process_event(): event: sysret
(SYS__newselect [142])DEBUG: process_event.c:73: process_event(): event:
signal (SIGSTOP [19])
DEBUG: breakpoints.c:103: disable_all_breakpoints(): Disabling
breakpoints for pid 29872...
DEBUG: process_event.c:135: remove_proc(): Removing pid 29872
The only thing that looks different in its /proc/<pid>/maps is
40046000-4012e000 r-xp 00000000 21:03 2315780
/usr/lib/i686/cmov/libcrypto.so.0.9.7.dpkg-new (deleted)
4012e000-4013f000 rw-p 000e8000 21:03 2315780
/usr/lib/i686/cmov/libcrypto.so.0.9.7.dpkg-new (deleted)
I added a bunch of debug/audit stuff to pam auth files, but it doesn't
seem to affect sshd; I suspect I'll need to HUP/restart it (and I won't
be able to trigger the bug again). So, if you have any suggestions for
further debugging, let me know. Otherwise, I'll probably have to
restart ssh sometime within the next few days.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.24-grsec+mremap
Locale: LANG=C, LC_CTYPE=C
Versions of packages ssh depends on:
ii adduser 3.53 Add and remove users and
groups
ii debconf 1.4.25 Debian configuration
management sy
ii dpkg 1.10.21 Package maintenance system
for Deb
ii libc6 2.3.2.ds1-12 GNU C Library: Shared
libraries an
ii libpam-modules 0.76-21 Pluggable Authentication
Modules f
ii libpam-runtime 0.76-21 Runtime support for the PAM
librar
ii libpam0g 0.76-21 Pluggable Authentication
Modules l
ii libssl0.9.7 0.9.7d-3 SSL shared libraries
ii libwrap0 7.6.dbs-3 Wietse Venema's TCP
wrappers libra
ii zlib1g 1:1.2.1-5 compression library -
runtime
-- debconf information:
* ssh/privsep_tell:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/ssh2_keys_merged:
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
Reply to: