Bug#413846: openssh-client: post-4.3p2-6 openssh gets kerberos-related hang (non-root only)
On Wed, Mar 07, 2007 at 03:15:42PM +0100, Jim Meyering wrote:
> With any version of openssh after 4.3p2-6, most non-root uses
> of ssh would hang:
>
> $ ssh -vvvv git.debian.org
> OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007
> debug1: Reading configuration data /e/meyering/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to git.debian.org [217.196.43.134] port 22.
> debug1: Connection established.
> ...
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian-8.sarge.6
> debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.6 pat OpenSSH_3.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
> debug2: fd 3 setting O_NONBLOCK
>
> I've just compared root and non-root strace output
> for that case and discovered an interaction with kerberos.
> Not surprisingly, turning off GSSAPIAuthentication solves the problem.
> I.e., this works just fine:
>
> ssh -o 'GSSAPIAuthentication no' git.debian.org date
>
> Since GSSAPIAuthentication=yes seems to be the default,
> I suspect this will affect others with a kerberos config
> that refers to an authority that isn't always accessible.
>
> Or maybe ssh is just the messenger and this is really a kerberos problem...
It certainly doesn't happen to me. Is there anything you can tell me
about your Kerberos configuration (e.g. how to reproduce it on my
system)?
--
Colin Watson [cjwatson@debian.org]
Reply to: