From owner-freebsd-current@FreeBSD.ORG Mon Aug 24 19:33:48 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8ABA3106568C for ; Mon, 24 Aug 2009 19:33:48 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from mail16.syd.optusnet.com.au (mail16.syd.optusnet.com.au [211.29.132.197]) by mx1.freebsd.org (Postfix) with ESMTP id 1D65E8FC1F for ; Mon, 24 Aug 2009 19:33:47 +0000 (UTC) Received: from server.vk2pj.dyndns.org (c122-106-255-167.belrs3.nsw.optusnet.com.au [122.106.255.167]) by mail16.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n7OJXjJG027164 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 25 Aug 2009 05:33:46 +1000 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.3/8.14.3) with ESMTP id n7OJXj23023910 for ; Tue, 25 Aug 2009 05:33:45 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.3/8.14.3/Submit) id n7OJXjaX023909 for freebsd-current@freebsd.org; Tue, 25 Aug 2009 05:33:45 +1000 (EST) (envelope-from peter) Date: Tue, 25 Aug 2009 05:33:44 +1000 From: Peter Jeremy To: freebsd-current@freebsd.org Message-ID: <20090824193344.GA34949@server.vk2pj.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l" Content-Disposition: inline X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.20 (2009-06-14) Subject: sshd failing in jail X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2009 19:33:48 -0000 --XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I am attempting to build an i386 jail on an amd64 box to build packages for my netbook. The host is running -current from just over two weeks ago and the jail is -current from early June. The jail was built by doing a dump|restore of my netbook and then tweaking various config files to give it a new identity. The jail's devfs is using "devfsrules_jail" from /etc/default/devfs.rules. The jail starts OK but when I attempt to ssh into it, I just get "Connection closed by ". Adding debugging on the child, I see that it occurs immediately following: "debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY". Looking at a ktrace of the jailed sshd, the problem is inside the privilege separation child. When I turned off privilege separation, I can log into the jail. When I added a syslog socket inside the jailed chroot and left privilege separation enabled, I got: Aug 24 19:04:40 server sshd[70809]: error: buffer_put_bignum2_ret: BN too s= mall Aug 24 19:04:40 server sshd[70809]: fatal: buffer_put_bignum2: buffer error Unfortunately, buffer_put_bignum2() is called from a number of locations so the actual problem is not clear. Looking at google doesn't turn up anything useful. Does anyone have any suggestions? --=20 Peter Jeremy --XsQoSWH+UP9D9v3l Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (FreeBSD) iEYEARECAAYFAkqS6xgACgkQ/opHv/APuIfeiACgr7jmr0kSN05RttT/Wn4386PO 1/IAoJaMcUVhz5rFycWQ4RzUu4XNJmXI =hKG+ -----END PGP SIGNATURE----- --XsQoSWH+UP9D9v3l--