Bug#413846: openssh-client: post-4.3p2-6 openssh gets kerberos-related hang (non-root only)
Package: openssh-client
Version: 1:4.3p2-9
Severity: normal
Hi Colin,
With any version of openssh after 4.3p2-6, most non-root uses
of ssh would hang:
$ ssh -vvvv git.debian.org
OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /e/meyering/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to git.debian.org [217.196.43.134] port 22.
debug1: Connection established.
...
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian-8.sarge.6
debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.6 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
debug2: fd 3 setting O_NONBLOCK
I've just compared root and non-root strace output
for that case and discovered an interaction with Kerberos.
Not surprisingly, turning off GSSAPIAuthentication solves the problem.
I.e., this works just fine:
ssh -o 'GSSAPIAuthentication no' git.debian.org date
Since GSSAPIAuthentication=yes seems to be the default,
I suspect this will affect others with a Kerberos config
that refers to an authority that isn't always accessible.
Or maybe ssh is just the messenger and this is really a Kerberos problem...
Jim
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (400, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Versions of packages openssh-client depends on:
ii adduser 3.102 Add and remove users and groups
ii debconf 1.5.13 Debian configuration management sy
ii dpkg 1.13.25 package maintenance system for Deb
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii libedit2 2.9.cvs.20050518-3 BSD editline and history libraries
ii libkrb53 1.4.4-7 MIT Kerberos runtime libraries
ii libncurs 5.5-5 Shared libraries for terminal hand
ii libssl0. 0.9.8e-3 SSL shared libraries
ii passwd 1:4.0.18.1-7 change and administer password and
ii zlib1g 1:1.2.3-13 compression library - runtime
openssh-client recommends no packages.
-- no debconf information