Bug#258131: openssh: intermittant failure with GSSAPI authentication
Package: openssh-server
Version: 1:6.0p1-2
Followup-For: Bug #258131
Hello, I am having strange SIGSEGV issues with sshd, but good news: it is reproductible.
When trying to use both KerberosAuthentication and GSSAPIAuthentication, you get two cases:
* If you connect with a client using "GSSAPIAuthentication yes", with a valid Kerberos ticket, everything
connects fine and you get a valid ticket on the remote host.
* If you connect with a client using "GSSAPIAuthentication no", ssh exits just after outputing:
"Connection closed by 192.168.100.10"
Here is the Server Debug:
---8<---
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.100.1 port 58888
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-2
debug1: match: OpenSSH_6.0p1 Debian-2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user mcerda service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "mcerda"
debug1: PAM: setting PAM_RHOST to "192.168.100.1"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user mcerda service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/mcerda/.ssh/authorized_keys
debug1: Could not open authorized keys '/home/mcerda/.ssh/authorized_keys': No such file or directory
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/mcerda/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/mcerda/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for mcerda from 192.168.100.1 port 58888 ssh2
debug1: userauth-request for user mcerda service ssh-connection method password [preauth]
debug1: attempt 2 failures 1 [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
---8<---
And the client one:
---8<---
OpenSSH_6.0p1 Debian-2, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/mcerda/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to dashie.zea.zen [192.168.100.10] port 22.
debug1: Connection established.
debug1: identity file /home/mcerda/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/mcerda/.ssh/id_rsa-cert type -1
debug1: identity file /home/mcerda/.ssh/id_dsa type -1
debug1: identity file /home/mcerda/.ssh/id_dsa-cert type -1
debug1: identity file /home/mcerda/.ssh/id_ecdsa type -1
debug1: identity file /home/mcerda/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-2
debug1: match: OpenSSH_6.0p1 Debian-2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 35:5d:08:41:bf:ac:d2:b3:1c:ce:4b:b4:7b:18:21:d8
debug1: Host 'dashie.zea.zen' is known and matches the ECDSA host key.
debug1: Found key in /home/mcerda/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mcerda/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/mcerda/.ssh/id_dsa
debug1: Trying private key: /home/mcerda/.ssh/id_ecdsa
debug1: Next authentication method: password
mcerda@dashie.zea.zen's password:
Connection closed by 192.168.100.10
---8<---
(not much details here. Looks like the remote just hung up without saying anything)
Here is a GDB session when this bug is encountered:
---8<---
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6347f9a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) thr apply all bt
Thread 1 (Thread 0x7ffff7fe27c0 (LWP 9007)):
#0 0x00007ffff6347f9a in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff634b87c in free () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff68d182b in ?? () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3
#3 0x00007ffff68d2216 in krb5_aname_to_localname () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3
#4 0x00007ffff68d55eb in krb5_kuserok () from /usr/lib/x86_64-linux-gnu/libkrb5.so.3
#5 0x00005555555804ba in ?? ()
#6 0x000055555556647b in ?? ()
#7 0x000055555557a72a in ?? ()
#8 0x000055555557b7ca in ?? ()
#9 0x000055555557c5ed in ?? ()
#10 0x0000555555564103 in main ()
---8<---
Well, I hope this helps.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.44
ii dpkg 1.16.4.3
ii libc6 2.13-33
ii libcomerr2 1.42.4-3
ii libgssapi-krb5-2 1.10.1+dfsg-1
ii libkrb5-3 1.10.1+dfsg-1
ii libpam-modules 1.1.3-7.1
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libssl1.0.0 1.0.1c-3
ii libwrap0 7.6.q-23
ii lsb-base 4.1+Debian7
ii openssh-client 1:6.0p1-2
ii procps 1:3.3.3-2
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages openssh-server recommends:
ii openssh-blacklist 0.4.1
ii openssh-blacklist-extra 0.4.1
ii xauth 1:1.0.7-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
* ssh/use_old_init_script: true
ssh/vulnerable_host_keys:
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
Reply to: