Date:      Sun, 9 Sep 2001 11:52:29 -0700 (PDT)
From:      Bill Fenner <fenner@research.att.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/30462: ssh gives useless errors when it can't get randomness
Message-ID:  <200109091852.f89IqTE06685@fenestro.attlabs.att.com>


>Number:         30462
>Category:       bin
>Synopsis:       ssh gives useless errors when it can't get randomness
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 09 12:10:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Bill Fenner
>Release:        FreeBSD 4.4-RC i386
>Organization:
AT&T Labs - Research
>Environment:
System: FreeBSD fenestro.attlabs.att.com 4.4-RC FreeBSD 4.4-RC #10: Sat Sep 8 21:44:45 PDT 2001 root@fenestro.attlabs.att.com:/usr/obj/usr/src/sys/FENESTRO i386

Updated from 4.3-RELEASE on September 8 via cvsup; cvs update; make world;
make kernel; power failure; mergemaster; reboot.

>Description:
	
I updated to 4.4-RC via source; somehow (possibly mergemaster's
run of MAKEDEV; presumably the subject of another PR) all of my
standard devices became mode 600 or worse, so e.g. /dev/random was
not accessible to normal users.  ssh started printing bogus error
messages, e.g.  when trying sshv1:

fenestro% ssh -o"Protocol 1" mango
ssh: no RSA support in libssl and libcrypto.  See ssl(8).
Disabling protocol version 1
ssh: No protocol version available.

This is a pretty misleading error, and it made me spend quite some time
investigating how I could have failed to include RSA support.

The error for protocol version 2 is even worse:

fenestro% ssh -o"Protocol 2" mango
DH_generate_key

A masterpiece of conciseness, while relaying no actual information.

>How-To-Repeat:
	

chmod 600 /dev/*random
ssh -o"Protocol 1" somewhere
ssh -o"Protocol 2" somewhere

>Fix:

	
Check for this possibly-common problem (two separate people in #bsdcode
showed up at the same time with this problem, either that's amazing
synchronicity or it's an easy problem to have) in another way and
report the inability to get randomness.
>Release-Note:
>Audit-Trail:
>Unformatted:
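
The check asked for under >Fix:, sketched as an added example (not code from this PR or from OpenSSH): probe the entropy device before any key generation and report why it cannot be used. All function and enum names, and the /dev/urandom path in main(), are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes; none of these names come from OpenSSH. */
enum entropy_status { ENTROPY_OK, ENTROPY_MISSING, ENTROPY_DENIED,
                      ENTROPY_NOT_DEVICE, ENTROPY_SHORT_READ, ENTROPY_OTHER };

/* Open the device and read a few bytes, classifying each way it can fail. */
enum entropy_status probe_entropy(const char *path)
{
    unsigned char buf[16];
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);

    if (fd < 0) {
        if (errno == ENOENT) return ENTROPY_MISSING;
        if (errno == EACCES || errno == EPERM) return ENTROPY_DENIED; /* the PR's case */
        return ENTROPY_OTHER;
    }
    /* A regular file or directory at this path is not an entropy source. */
    int is_chr = fstat(fd, &st) == 0 && S_ISCHR(st.st_mode);
    ssize_t n = is_chr ? read(fd, buf, sizeof(buf)) : -1;
    close(fd);
    if (!is_chr) return ENTROPY_NOT_DEVICE;
    return n == (ssize_t)sizeof(buf) ? ENTROPY_OK : ENTROPY_SHORT_READ;
}

/* Text the user can act on, in place of "no RSA support" or "DH_generate_key". */
const char *entropy_message(enum entropy_status s)
{
    switch (s) {
    case ENTROPY_OK:         return "ok";
    case ENTROPY_MISSING:    return "device node does not exist";
    case ENTROPY_DENIED:     return "permission denied (check the device node's mode)";
    case ENTROPY_NOT_DEVICE: return "not a character device";
    case ENTROPY_SHORT_READ: return "device returned too few bytes";
    default:                 return "unexpected error opening device";
    }
}

int main(void)
{
    enum entropy_status s = probe_entropy("/dev/urandom");  /* assumed path */
    if (s != ENTROPY_OK)
        fprintf(stderr, "cannot get randomness: %s\n", entropy_message(s));
    return s != ENTROPY_OK;
}
```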
