I built the world instead of just sshd and my problem went away. I guess
I won't build bits and pieces of the freshly cvsup'd world in the future. :)

-Snow

On Thu, Mar 22, 2001 at 11:56:33AM -0500, James Snow wrote:
> Looking at my cvsup from last night I figured the official fixes for the
> 'ssh2 cores on invalid username' and the sigpipe bug had gone in. So I
> remade /usr/src/secure/usr.sbin/sshd but there now seems to be another
> problem with ssh2. (ssh1 still works.)
>
> uname -a:
>
> FreeBSD silver.teardrop.org 4.2-STABLE FreeBSD 4.2-STABLE #0: Tue Jan 30
> 17:01:38 EST 2001 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SILVER i386
>
> Below, I fire up an sshd on an arbitrary port. ssh1 is still working, so
> I left the daemon running on 22 so I can login there.
>
> Then I login from another 4.2-S box.
>
> sshd -d -p 2222:
>
> ebug1: sshd version OpenSSH_2.3.0 [EMAIL PROTECTED] 20010321
> debug1: read DSA private key done
> debug1: Bind to port 2222 on 0.0.0.0.
> Server listening on 0.0.0.0 port 2222.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from fireext.cinteractive.com port 1073
> Connection from 205.181.101.2 port 1073
> debug1: Client protocol version 2.0; client software version
> OpenSSH_2.3.0
> debug1: match: OpenSSH_2.3.0 pat ^OpenSSH[-_]2\.3
>
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_2.3.0 [EMAIL PROTECTED]
> 20010321
> debug1: send KEXINIT
> debug1: done
> debug1: wait KEXINIT
> debug1: got kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug1: got kexinit: ssh-dss
> debug1: got kexinit:
>3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
> debug1: got kexinit:
>3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
> debug1: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
> debug1: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
> debug1: got kexinit: none
> debug1: got kexinit: none
> debug1: got kexinit:
> debug1: got kexinit:
> debug1: first kex follow: 0
> debug1: reserved: 0
> debug1: done
> debug1: kex: client->server 3des-cbc hmac-sha1 none
> debug1: kex: server->client 3des-cbc hmac-sha1 none
> debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST.
> /etc/ssh/primes: No such file or directory
> WARNING: /etc/ssh/primes does not exist, using old prime
> debug1: bits set: 504/1024
> debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP.
> debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT.
> debug1: bits set: 512/1024
> debug1: sig size 20 20
> debug1: send SSH2_MSG_NEWKEYS.
> debug1: done: send SSH2_MSG_NEWKEYS.
> debug1: Wait SSH2_MSG_NEWKEYS.
> debug1: GOT SSH2_MSG_NEWKEYS.
> debug1: done: KEX2.
> debug1: userauth-request for user snow service ssh-connection method
> none
> debug1: attempt #1
> debug1: Starting up PAM with username "snow"
> Failed none for snow from 205.181.101.2 port 1073 ssh2
> debug1: userauth-request for user snow service ssh-connection method
> password
> debug1: attempt #2
> debug1: PAM Password authentication accepted for user "snow"
> debug1: PAM setting rhost to "fireext.cinteractive.com"
> Accepted password for snow from 205.181.101.2 port 1073 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 32768 max
> 16384
> debug1: open session
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: confirm session
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request pty-req
> reply 0
> debug1: session_pty_req: session 0 alloc /dev/ttyp7
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request shell
> reply 0
> debug1: PAM setting tty to "/dev/ttyp7"
> debug1: do_pam_session: euid 0, uid 0
> debug1: PAM establishing creds
> debug1: fd 7 setting O_NONBLOCK
> debug1: fd 3 IS O_NONBLOCK
> debug1: Setting controlling tty using TIOCSCTTY.
>
> Ok, so far so good. I seem to be logged in.
>
> The system seems to confirm this:
>
> snow p7 <other.box> 11:41AM 1 -bash (bash)
>
> Client side, however, I see this:
>
> ssh -v -2 -p 2222 -l snow silver.teardrop.org:
>
> SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090600f).
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: ssh_connect: getuid 100 geteuid 100 anon 1
> debug: Connecting to silver.teardrop.org [205.181.101.128] port 2222.
> debug: Connection established.
> debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0
>[EMAIL PROTECTED] 20010321
> debug: match: OpenSSH_2.3.0 [EMAIL PROTECTED] 20010321 pat ^OpenSSH[-_]2\.3
>
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.3.0
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit:
>3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
> debug: got kexinit:
>3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
> debug: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
> debug: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
> debug: got kexinit: none,zlib
> debug: got kexinit: none,zlib
> debug: got kexinit:
> debug: got kexinit:
> debug: first kex follow: 0
> debug: reserved: 0
> debug: done
> debug: kex: server->client 3des-cbc hmac-sha1 none
> debug: kex: client->server 3des-cbc hmac-sha1 none
> debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: bits set: 512/1024
> debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> debug: Got SSH2_MSG_KEXDH_REPLY.
> debug: Host 'silver.teardrop.org' is known and matches the DSA host key.
> debug: bits set: 504/1024
> debug: len 55 datafellows 0
> debug: dsa_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> debug: service_accept: ssh-userauth
> debug: got SSH2_MSG_SERVICE_ACCEPT
> debug: authentications that can continue: publickey,password
> debug: next auth method to try is publickey
> debug: key does not exist: /usr/home/snow/.ssh/id_dsa
> debug: next auth method to try is password
> [EMAIL PROTECTED]'s password:
> debug: ssh-userauth2 successfull: method password
> debug: channel 0: new [client-session]
> debug: send channel open 0
> debug: Entering interactive session.
> debug: client_init id 0 arg 0
> debug: channel request 0: shell
> debug: channel 0: open confirm rwindow 0 rmax 0
>
> All well and good except that this is where it stops. Where's my login
> prompt? This terminal is now hung. ^C, ^Z, ^D, and ~. won't get me out
> of here. I have to kill -9 this ssh session from elsewhere or ^C the
> daemon.
>
> When I ^C the daemon the client reports:
>
> Connection to silver.teardrop.org closed by remote host.
> Connection to silver.teardrop.org closed.
> debug: Transferred: stdin 0, stdout 0, stderr 101 bytes in 592.5 seconds
> debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.2
> debug: Exit status -1
>
> Also noteworthy, if I resize the client window at all, the server sees:
>
> debug1: session_input_channel_req: session 0 channel 0 request window-change reply 0
>
> I asked a friend to try this on his 4.2-S box. He cvsup'd, built sshd,
> and ran it from /usr/obj/... and was able to reproduce this.
>
> I'm grabbing /usr/src/crypto/openssh from a box I don't cvsup
> automatically to keep me going for now.
>
> Any suggestions? Any information I should have provided but forgot? :)
>
>
> Thanks,
> -Snow
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-stable" in the body of the message