hanging problems with sshd openssh 5.[12]



We have built the last few versions of openssh for Solaris using the following config.

./configure
--prefix=/software/ssh-openssh-5.2
--with-kerberos5=/software/krb5-1.6 --without-kerberos4
--without-egd-pool --without-prngd-port --without-prngd-socket
--disable-etc-default-login
--with-entropy-timeout=200 --with-rand-helper
--with-pam --with-random=/dev/random

5.0 worked fine, but 5.1 and 5.2 sshd seems to hang when people do a paste of more than about 1k under vim.
We've also had some problems with 5.1 and 5.2 with a few programs that start up a remote program and chat with them - we get both sides waiting for the other to respond.
They all work fine with rsh or ssh as long as sshd isn't 5.1 or later.

Has anyone seen something like this?

Sample ssh_config and sshd_config file attached.

Jeff Voskamp
javoskam@xxxxxxxxxxxx

---snip sshd_config ---
# we're not using ipV6, but solaris offers it anyway (in all cases)
AddressFamily INET
Port 22
Protocol 2
ListenAddress 0.0.0.0

IgnoreRhosts yes
RhostsRSAAuthentication no

IgnoreUserKnownHosts no

X11Forwarding yes
X11UseLocalhost yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes

Subsystem sftp /software/ssh/maintenance/sftp-server

# to be pulled from previous incarnations and stashed above
# these are the defaults in case they weren't previously mentioned.
UsePam yes
StrictModes yes
PermitRootLogin no

HostbasedAuthentication yes
PubkeyAuthentication yes
GSSAPIAuthentication yes

PasswordAuthentication yes
PermitEmptyPasswords no

ChallengeResponseAuthentication yes

UsePrivilegeSeparation yes

---snip ssh_config ---
# Site-wide defaults for various options

Host *
Port 22
Protocol 2

RSAAuthentication no
RhostsRSAAuthentication no
ChallengeResponseAuthentication yes

PasswordAuthentication yes
HostBasedAuthentication yes
PreferredAuthentications hostbased,publickey,keyboard-interactive,password

ForwardAgent no
ForwardX11 yes
ForwardX11Trusted yes

UsePrivilegedPort no
CheckHostIP yes
EnableSSHKeysign yes