Date: Mon, 31 Jan 2005 17:20:56 -0800 From: Andrew Konstantinov <andrei@kableu.com> To: Doug White <dwhite@gumbysoft.com> Cc: freebsd-stable@freebsd.org Subject: Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root' Message-ID: <20050201012056.GA47334@warrior.kableu.com> In-Reply-To: <20050131144706.A10254@carver.gumbysoft.com> References: <20050130084359.GA36069@warrior.kableu.com> <20050131144706.A10254@carver.gumbysoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--huq684BweRXVnRxX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 31, 2005 at 02:49:09PM -0800, Doug White wrote: > Be aware that it was a weekend in the US yesterday so the people likely to > answer your question were probably out having fun, which is why you didn't > get an answer in 24 hours. Paitience, grasshopper. :) >=20 > On Sun, 30 Jan 2005, Andrew Konstantinov wrote: >=20 > > Hello, > > > > As the topic says, I've experienced some unusual sshd behavior after I = moved > > some of my systems from RELENG_5_3 to RELENG_5 recently. The unusuality= of the > > behavior is illustrated by the following exerpt from the /var/log/auth.= log on > > the RELENG_5 system: > > > > Jan 29 14:53:38 mail sshd[699]: login_getclass: unknown class 'root' >=20 > I can't reproduce this on my systems, many of which started at 5.3 and now > build 5-stable. Are you using the system ssh or one you built from ports? >=20 > What is the output of 'ls -l /etc/login.conf*'? mail# uname -rs FreeBSD 5.3-STABLE mail# date Mon Jan 31 16:53:00 PST 2005 mail# ls -l /etc/login.conf* -rw-r--r-- 1 root wheel 6522 Jan 29 14:09 /etc/login.conf -rw-r--r-- 1 root wheel 65536 Jan 29 14:09 /etc/login.conf.db mail# grep -A 3 -E '^root' /etc/login.conf root:\ :ignorenologin:\ :tc=3Ddefault: mail# tail -4 /var/log/auth.log Jan 31 16:52:59 mail sshd[14262]: login_getclass: unknown class 'root' Jan 31 16:52:59 mail last message repeated 3 times Jan 31 16:52:59 mail sshd[14262]: Accepted publickey for root from 192.168.= 0.1 port 59976 ssh2 Jan 31 16:52:59 mail sshd[14261]: Accepted publickey for root from 192.168.= 0.1 port 59976 ssh2 mail# I'm using the system supplied ssh client and server. All of this is really confusing to me. Three of my systems were initially running 5.2.1, then were upgraded to 5.3 release and then followed the vector of p1, p2, p3, p4, and= p5 updates. But, a few days ago I moved all of them to RELENG_5 and this weird= ness came up. The most interesting part is that when I downgrade back to RELENG_= 5_3, all of this disappears. Here is what happens to sshd in debug mode: mail# sshd -ddd debug2: read_server_config: filename /etc/ssh/sshd_config debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419 [...] debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug1: ssh_dss_verify: signature correct debug3: mm_answer_keyverify: key 0x80789b0 signature verified debug3: mm_request_send entering: type 23 Accepted publickey for root from 192.168.0.1 port 63791 ssh2 debug1: monitor_child_preauth: root has been authenticated by privileged pr= ocess debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss Accepted publickey for root from 192.168.0.1 port 63791 ssh2 debug3: mm_send_keystate: Sending new keys: 0x8079500 0x80794c0 debug3: mm_newkeys_to_blob: converting 0x8079500 debug3: mm_newkeys_to_blob: converting 0x80794c0 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state [...] Here is my make.conf on this particular system: mail# grep -v '^#' /etc/make.conf CFLAGS=3D -O -pipe COPTFLAGS=3D -O -pipe CPUTYPE=3D p2 KERNCONF=3D CUSTOM MAKE_IDEA=3D YES NOATM=3D true NOGAMES=3D true NO_BLUETOOTH=3D true NO_FORTRAN=3D true NO_I4B=3D true NO_PF=3D true NO_AUTHPF=3D true NO_IPFILTER=3D true NO_KERBEROS=3D true NO_LPR=3D true NO_NIS=3D true NO_SENDMAIL=3D true PPP_NOSUID=3D true PRINTERDEVICE=3D ascii WITH_OPTIMIZED_CFLAGS=3D true X_WINDOW_SYSTEM=3Dxorg PERL_VER=3D5.8.5 PERL_VERSION=3D5.8.5 PERL_ARCH=3Dmach NOPERL=3Dyo NO_PERL=3Dyo NO_PERL_WRAPPER=3Dyo mail# In case if it matters, root accounts on those servers do not use passwords = for authentication. The authentication is done solely by public/private ssh key= s. mail# grep root /etc/master.passwd | head -1 root:*:0:0::0:0:Andrew Konstantinov:/root:/bin/csh mail# mount | head -1 /dev/ad0s1a on / (ufs, local, read-only) mail# sysctl kern.securelevel kern.securelevel: 2 mail# I suppose the kernel config file should not be necessary. :) Any ideas at a= ll? Thanks in advance, Andrew --huq684BweRXVnRxX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFB/tl4g+6MtxSjexcRAoV9AJ9AuJ7EHVZPF8HDZWWsulO7A6zcswCeL2at 4n8YArZLdA6CHRKMlVuD5rA= =XJi4 -----END PGP SIGNATURE----- --huq684BweRXVnRxX--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050201012056.GA47334>