From owner-freebsd-bugs Sun Jan 21 21:40:22 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A117737B401 for ; Sun, 21 Jan 2001 21:40:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f0M5e2j65681; Sun, 21 Jan 2001 21:40:02 -0800 (PST) (envelope-from gnats) Received: from ns.itga.com.au (ns.itga.com.au [202.53.40.210]) by hub.freebsd.org (Postfix) with ESMTP id 4137737B402 for ; Sun, 21 Jan 2001 21:30:59 -0800 (PST) Received: from lightning.itga.com.au (lightning.itga.com.au [192.168.71.20]) by ns.itga.com.au (8.9.3/8.9.3) with ESMTP id QAA01033 for ; Mon, 22 Jan 2001 16:30:46 +1100 (EST) (envelope-from gnb@itga.com.au) Received: from hellcat.itga.com.au (hellcat.itga.com.au [192.168.71.163]) by lightning.itga.com.au (8.9.3/8.9.3) with ESMTP id QAA08016; Mon, 22 Jan 2001 16:30:45 +1100 (EST) Received: (from gnb@localhost) by hellcat.itga.com.au (8.11.1/8.9.3) id f0M5UjR92920; Mon, 22 Jan 2001 16:30:45 +1100 (EST) (envelope-from gnb@itga.com.au) Message-Id: <200101220530.f0M5UjR92920@hellcat.itga.com.au> Date: Mon, 22 Jan 2001 16:30:45 +1100 (EST) From: gnb@itga.com.au To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/24521: ssh-agent exits when authenticating DSA via v1 Auth forwarding Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 24521 >Category: bin >Synopsis: ssh-agent exits when authenticating DSA via v1 Auth forwarding >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jan 21 21:40:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Gregory Bond >Release: FreeBSD 4.2-STABLE i386 >Organization: ITG Australia Limited >Environment: I'm running 4.2-Stable, with system-supplied OpenSSH: SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0. Compiled with SSL (0x0090600f). Plus OpenSSH on Solaris: SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). [I Need to use solaris hosts for this demo as I don't have enbough 4.2 boxes to use FreeBSD for each step!] >Description: I run my desktop with ssh-agent on FreeBSD 4.2. The agent stores an RSA key and a DSA key, as some of the hosts I need to connect to still only have SSH1 capability. I use this to slogin to various machines of various unix flavours without needing to type passwords. Auth forwarding is on for all these links. If I slogin to a Solaris host running OpenSSH_2.2.0p1 in Protocol V1 mode with auth forwading enabled ("lightning" in this example, set by my ssh_config), then from that machine attempt to slogin to another machine running the same OpenSSH_2.2.0p1 version but using the version 2 protocol ("slink" in this example), then my ssh-agent exits. The second slogin gets an error message: Authentication response too long: 1651861094 I ran truss on the ssh-agent and it appears to be deliberately exiting with "exit(-1)", rather than coredumping, but no error messages are visible: (null)() = 1 (0x1) accept(0x3,0xbfbfef28,0xbfbfef24) = 0 (0x0) fcntl(0x0,0x4,0x4) = 0 (0x0) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) read(0x0,0xbfbfef94,0x400) = 5 (0x5) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) write(0,0x8055000,9) = 9 (0x9) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) accept(0x3,0xbfbfef28,0xbfbfef24) = 1 (0x1) fcntl(0x1,0x4,0x4) = 0 (0x0) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) read(0x1,0xbfbfef94,0x400) = 0 (0x0) shutdown(0x1,0x2) = 0 (0x0) close(1) = 0 (0x0) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) accept(0x3,0xbfbfef28,0xbfbfef24) = 1 (0x1) fcntl(0x1,0x4,0x4) = 0 (0x0) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) read(0x1,0xbfbfef94,0x400) = 5 (0x5) break(0x805c000) = 0 (0x0) break(0x805d000) = 0 (0x0) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) write(1,0x805a000,477) = 477 (0x1dd) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) accept(0x3,0xbfbfef28,0xbfbfef24) = 2 (0x2) fcntl(0x2,0x4,0x4) = 0 (0x0) select(0x4,0xbfbff4c4,0xbfbff444,0x0,0x0) = 1 (0x1) read(0x2,0xbfbfef94,0x400) = 954 (0x3ba) write(2,0xbfbfe2ac,53) = 53 (0x35) lstat("/tmp/ssh-ELr48725/agent.48725",0xbfbfed14) = 0 (0x0) unlink(0x804f3a0) = 0 (0x0) rmdir(0x804f7a0) = 0 (0x0) sigprocmask(0x1,0x28060720,0xbfbfed54) = 0 (0x0) sigprocmask(0x3,0x28060730,0x0) = 0 (0x0) exit(0xff) process exit, rval = 65280 >How-To-Repeat: Script started on Mon Jan 22 16:17:02 2001 hellcat$ ssh-agent bash hellcat$ ssh-add Need passphrase for /home/users/gnb/.ssh/identity Enter passphrase for gnb@hellcat.itga.com.au: Identity added: /home/users/gnb/.ssh/identity (gnb@hellcat.itga.com.au) hellcat$ ssh-add ~/.ssh/id_dsa Need passphrase for /home/users/gnb/.ssh/id_dsa Enter passphrase for /home/users/gnb/.ssh/id_dsa: Identity added: /home/users/gnb/.ssh/id_dsa (/home/users/gnb/.ssh/id_dsa) hellcat$ ssh-add -l 1024 8b:fc:7b:f5:1d:c5:0b:5d:46:7d:e4:fb:7b:dc:cb:20 gnb@hellcat.itga.com.au 1024 89:b9:33:14:f8:bd:58:90:c6:bd:f8:3f:aa:e4:0e:71 /home/users/gnb/.ssh/id_dsa hellcat$ slogin lightning Last login: Mon Jan 22 16:17:25 2001 from hellcat.itga.co Sun Microsystems Inc. SunOS 5.6 Generic August 1997 lightning$ ssh-add -l 1024 8b:fc:7b:f5:1d:c5:0b:5d:46:7d:e4:fb:7b:dc:cb:20 gnb@hellcat.itga.com.au 1024 89:b9:33:14:f8:bd:58:90:c6:bd:f8:3f:aa:e4:0e:71 /home/users/gnb/.ssh/id_dsa lightning$ slogin slink Authentication response too long: 1651861094 lightning$ ssh-add -l Error reading response length from authentication socket. Broken Pipe lightning$ logout Connection to lightning.itga.com.au closed. hellcat$ ssh-add -l Could not open a connection to your authentication agent. hellcat$ slogin lightning Enter passphrase for RSA key 'gnb@hellcat.itga.com.au': Bad passphrase. Permission denied. hellcat$ exit hellcat$ exit Script done on Mon Jan 22 16:18:03 2001 >Fix: Don't attempt to do V2/DSA auth agent over a V1 link. I'm not expecting this to actually work, but it'd be very nice if the ssh-agent didn't die, forcing me to re-login all over again (or type passwords for the rest of the session). >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message