From owner-freebsd-current@FreeBSD.ORG  Tue Aug 25 08:07:15 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 38EFB106568B
	for <freebsd-current@freebsd.org>; Tue, 25 Aug 2009 08:07:15 +0000 (UTC)
	(envelope-from stb@lassitu.de)
Received: from koef.zs64.net (koef.zs64.net [212.12.50.230])
	by mx1.freebsd.org (Postfix) with ESMTP id CED6A8FC2E
	for <freebsd-current@freebsd.org>; Tue, 25 Aug 2009 08:07:14 +0000 (UTC)
Received: from localhost by koef.zs64.net (8.14.3/8.14.3) with ESMTP id
	n7P87CU2074291
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
	Tue, 25 Aug 2009 10:07:13 +0200 (CEST)
	(envelope-from stb@lassitu.de) (authenticated as stb)
Message-Id: <2CDE9A31-C924-439F-8394-6325F821F9C2@lassitu.de>
From: Stefan Bethke <stb@lassitu.de>
To: Peter Jeremy <peterjeremy@optushome.com.au>
In-Reply-To: <20090824193344.GA34949@server.vk2pj.dyndns.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Tue, 25 Aug 2009 10:07:12 +0200
References: <20090824193344.GA34949@server.vk2pj.dyndns.org>
X-Mailer: Apple Mail (2.936)
Cc: freebsd-current@freebsd.org
Subject: Re: sshd failing in jail
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2009 08:07:15 -0000

Am 24.08.2009 um 21:33 schrieb Peter Jeremy:

> I am attempting to build an i386 jail on an amd64 box to build
> packages for my netbook.  The host is running -current from just over
> two weeks ago and the jail is -current from early June.  The jail was
> built by doing a dump|restore of my netbook and then tweaking various
> config files to give it a new identity.  The jail's devfs is using
> "devfsrules_jail" from /etc/default/devfs.rules.
>
> The jail starts OK but when I attempt to ssh into it, I just get
> "Connection closed by <jail IP address>".  Adding debugging on the
> child, I see that it occurs immediately following:
> "debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY".
>
> Looking at a ktrace of the jailed sshd, the problem is inside the
> privilege separation child.  When I turned off privilege separation, I
> can log into the jail.  When I added a syslog socket inside the jailed
> chroot and left privilege separation enabled, I got:
> Aug 24 19:04:40 server sshd[70809]: error: buffer_put_bignum2_ret:  
> BN too small
> Aug 24 19:04:40 server sshd[70809]: fatal: buffer_put_bignum2:  
> buffer error
> Unfortunately, buffer_put_bignum2() is called from a number of  
> locations
> so the actual problem is not clear.
>
> Looking at google doesn't turn up anything useful.
>
> Does anyone have any suggestions?

I had similar symptoms during a recent make world.  Finishing  
installworld in the jails and rebooting made it all work again, so I  
did not investigate further.


Stefan

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811