Re: SSH / PRIV SEP / LINUX issue
From: Cesar Maia (maia_cesar_at_zipmail.com.br)
Date: 12/29/03
To: Ashish Kumar <a_shish_kr@hotmail.com>, secureshell@securityfocus.com
Date: Mon, 29 Dec 2003 12:32:16 -0200
On Thu, 11 Dec 2003 04:19:37 +0000, Ashish Kumar <a_shish_kr@hotmail.com>
wrote:
> Hello,
>
> I am facing a weird problem with ssh (Secured Shell) daemon on linux
> (version 8). Such whether its known issue.
>
> PROBLEM:
> I compiled "sshd" (linux ver 8.0 source) and executed the daemon with
> privsep (Privilege Separation) disabled.
> The ssh client cannot connect, it goes into cleanup and exits.
>
> NOTE:
> On the other hand, the original/preexisting linux "sshd" in
> "/usr/sbin/sshd" works great i.e. I can connect to the ssh server with
> privsep disabled.
>
> CHANGES DONE from normal execution:
> 1. I have done 2 changes:
> a. I have disabled use_privsep option (Privilege separation by
> setting "UsePrivilegeSeparation no" in sshd_config file)
> b. I have removed "moduli" file from the "/etc/ssh". So, it computes
> its own prime number
> 2. I have not done any changes in .c or .h of configuration file
> except sshd_config.
> 3. NOTE: If I enable privsep option, for my compiled sshd the code
> runs OK.
>
> My question is how can linux code behave like that as far I understand
> linux compiled from the same source I am using or are they different?
>
> DEBUG PRINTS:
> -------------
> [root@qualis openssh-3.4p1]# ./sshd -d
> debug1: sshd version OpenSSH_3.4p1
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> socket: Address family not supported by protocol
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> debug1: Server will not fork when running in debugging mode.
> Connection from 192.168.1.11 port 3893
> debug1: Client protocol version 2.0; client software version TeraTerm
> SSH/SSH2 PEnabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.4p1
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server 3des-cbc hmac-sha1 none
> debug1: kex: server->client 3des-cbc hmac-sha1 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
>
> WARNING: /usr/local/etc/moduli does not exist, using old modulus
> ************** MODULI NOT FOUND ***
>
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 189/384
> debug1: bits set: 497/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 524/1024
> -------- I found out that it never comes out of key_sign() function.
> debug1: Calling cleanup 0x806a1cc(0x0)
>
>
> Thanks in advance.
> Ashish Kumar
>
Try to use sshd -ddd for more info.
Cesar.