From owner-freebsd-bugs Sun Sep 9 12:10: 6 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id DEDF337B408
    for ; Sun, 9 Sep 2001 12:10:00 -0700 (PDT)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.4/8.11.4) id f89JA0T02314;
    Sun, 9 Sep 2001 12:10:00 -0700 (PDT)
    (envelope-from gnats)
Received: from fenestro.attlabs.att.com (mpfg.attlabs.net [12.106.35.2])
    by hub.freebsd.org (Postfix) with ESMTP id A0AD637B403
    for ; Sun, 9 Sep 2001 12:07:21 -0700 (PDT)
Received: (from fenner@localhost)
    by fenestro.attlabs.att.com (8.11.6/8.11.6) id f89IqTE06685;
    Sun, 9 Sep 2001 11:52:29 -0700 (PDT)
    (envelope-from fenner)
Message-Id: <200109091852.f89IqTE06685@fenestro.attlabs.att.com>
Date: Sun, 9 Sep 2001 11:52:29 -0700 (PDT)
From: Bill Fenner
Reply-To: Bill Fenner
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/30462: ssh gives useless errors when it can't get randomness
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         30462
>Category:       bin
>Synopsis:       ssh gives useless errors when it can't get randomness
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 09 12:10:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Bill Fenner
>Release:        FreeBSD 4.4-RC i386
>Organization:
AT&T Labs - Research
>Environment:
System: FreeBSD fenestro.attlabs.att.com 4.4-RC FreeBSD 4.4-RC #10: Sat Sep 8 21:44:45 PDT 2001 root@fenestro.attlabs.att.com:/usr/obj/usr/src/sys/FENESTRO i386

Updated from 4.3-RELEASE on September 8 via cvsup; cvs update; make world;
make kernel; power failure; mergemaster; reboot.
>Description:
I updated to 4.4-RC via source; somehow (possibly mergemaster's run of
MAKEDEV; presumably the subject of another PR) all of my standard devices
became mode 600 or worse, so e.g. /dev/random was not accessible to normal
users. ssh started printing bogus error messages, e.g. when trying sshv1:

    fenestro% ssh -o"Protocol 1" mango
    ssh: no RSA support in libssl and libcrypto. See ssl(8).
    Disabling protocol version 1
    ssh: No protocol version available.

This is a pretty misleading error, and it made me spend quite some time
investigating how I could have failed to include RSA support.

The error for protocol version 2 is even worse:

    fenestro% ssh -o"Protocol 2" mango
    DH_generate_key

A masterpiece of conciseness, while relaying no actual information.
>How-To-Repeat:
    chmod 600 /dev/*random
    ssh -o"Protocol 1" somewhere
    ssh -o"Protocol 2" somewhere
>Fix:
Check for this possibly-common problem (two separate people in #bsdcode
showed up at the same time with this problem, either that's amazing
synchronicity or it's an easy problem to have) in another way and report
the inability to get randomness.
>Release-Note:
>Audit-Trail:
>Unformatted:
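
One way to do the check the Fix section asks for, shown as an added example that is not part of the original report and is not OpenSSH code: probe the entropy device before any key generation and report the device and the errno cause. The name probe_entropy, the 16-byte probe size and the use of /dev/urandom in main() are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum entropy_status { ENTROPY_OK = 0, ENTROPY_OPEN_FAILED, ENTROPY_SHORT_READ };

/* Hypothetical helper: try to read a few bytes from an entropy device and
 * write a diagnostic naming the device and the cause into msg. */
enum entropy_status
probe_entropy(const char *path, char *msg, size_t msglen)
{
    unsigned char buf[16];      /* assumed probe size; bytes are discarded */
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0) {
        /* EACCES here is the mode-600 device case from the report. */
        snprintf(msg, msglen, "cannot open %s: %s", path, strerror(errno));
        return ENTROPY_OPEN_FAILED;
    }
    while (got < sizeof(buf)) {
        ssize_t n = read(fd, buf + got, sizeof(buf) - got);
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (n <= 0) {           /* EOF or read error: device is unusable */
            snprintf(msg, msglen, "%s returned only %zu of %zu bytes%s%s",
                path, got, sizeof(buf),
                n < 0 ? ": " : "", n < 0 ? strerror(errno) : "");
            close(fd);
            return ENTROPY_SHORT_READ;
        }
        got += (size_t)n;
    }
    close(fd);
    snprintf(msg, msglen, "%s ok", path);
    return ENTROPY_OK;
}

int main(void)
{
    char msg[256];

    /* Fail early with the real cause instead of a downstream crypto error. */
    if (probe_entropy("/dev/urandom", msg, sizeof(msg)) != ENTROPY_OK) {
        fprintf(stderr, "ssh: unable to get randomness: %s\n", msg);
        return 1;
    }
    puts(msg);
    return 0;
}
```

Run as an unprivileged user after the chmod from How-To-Repeat, the open fails with EACCES and the message names the device and "Permission denied".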