[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#413846: openssh-client: post-4.3p2-6 openssh gets kerberos-related hang (non-root only)



Package: openssh-client
Version: 1:4.3p2-9
Severity: normal

Hi Colin,

With any version of openssh after 4.3p2-6, most non-root uses
of ssh would hang:

    $ ssh -vvvv git.debian.org
    OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007
    debug1: Reading configuration data /e/meyering/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to git.debian.org [217.196.43.134] port 22.
    debug1: Connection established.
    ...
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian-8.sarge.6
    debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.6 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
    debug2: fd 3 setting O_NONBLOCK

I've just compared root and non-root strace output
for that case and discovered an interaction with kerberos.
Not surprisingly, turning off GSSAPIAuthentication solves the problem.
I.e., this works just fine:

    ssh -o 'GSSAPIAuthentication no' git.debian.org date

Since GSSAPIAuthentication=yes seems to be the default,
I suspect this will affect others with a kerberos config
that refers to an authority that isn't always accessible.

Or maybe ssh is just the messenger and this is really a kerberos problem...

Jim


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (400, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages openssh-client depends on:
ii  adduser  3.102                           Add and remove users and groups
ii  debconf  1.5.13                          Debian configuration management sy
ii  dpkg     1.13.25                         package maintenance system for Deb
ii  libc6    2.3.6.ds1-13                    GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii  libedit2 2.9.cvs.20050518-3              BSD editline and history libraries
ii  libkrb53 1.4.4-7                         MIT Kerberos runtime libraries
ii  libncurs 5.5-5                           Shared libraries for terminal hand
ii  libssl0. 0.9.8e-3                        SSL shared libraries
ii  passwd   1:4.0.18.1-7                    change and administer password and
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-client recommends no packages.

-- no debconf information




Reply to: