hanging problems with sshd openssh 5.[12]



We have built the last few versions of openssh for Solaris using the following config.

./configure
--prefix=/software/ssh-openssh-5.2
--with-kerberos5=/software/krb5-1.6 --without-kerberos4
--without-egd-pool --without-prngd-port --without-prngd-socket
--disable-etc-default-login
--with-entropy-timeout=200 --with-rand-helper
--with-pam --with-random=/dev/random

5.0 worked fine, but 5.1 and 5.2 sshd seems to hang when people do a paste of more than about 1k under vim.
We've also had some problems with 5.1 and 5.2 with a few programs that start up a remote program and chat with them - we get both sides waiting for the other to respond.
They all work fine with rsh or ssh as long as sshd isn't 5.1 or later.

Has anyone seen something like this?

Sample ssh_config and sshd_config file attached.

Jeff Voskamp
javoskam@xxxxxxxxxxxx

---snip sshd_config ---
# we're not using ipV6, but solaris offers it anyway (in all cases)
AddressFamily INET
Port 22
Protocol 2
ListenAddress 0.0.0.0

IgnoreRhosts yes
RhostsRSAAuthentication no

IgnoreUserKnownHosts no

X11Forwarding yes
X11UseLocalhost yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes

Subsystem sftp /software/ssh/maintenance/sftp-server

# to be pulled from previous incarnations and stashed above
# these are the defaults in case they weren't previously mentioned.
UsePam yes
StrictModes yes
PermitRootLogin no

HostbasedAuthentication yes
PubkeyAuthentication yes
GSSAPIAuthentication yes

PasswordAuthentication yes
PermitEmptyPasswords no

ChallengeResponseAuthentication yes

UsePrivilegeSeparation yes

---snip ssh_config ---
# Site-wide defaults for various options

Host *
Port 22
Protocol 2

RSAAuthentication no
RhostsRSAAuthentication no
ChallengeResponseAuthentication yes

PasswordAuthentication yes
HostBasedAuthentication yes
PreferredAuthentications hostbased,publickey,keyboard-interactive,password

ForwardAgent no
ForwardX11 yes
ForwardX11Trusted yes

UsePrivilegedPort no
CheckHostIP yes
EnableSSHKeysign yes



Relevant Pages

  • Re: Openssh, kerberos and Solaris 10
    ... if the problem is the Solaris 10 sshd is not saving ... other is used by pam :-( The man pages are not consistent ... rather live with this then to have to build OpenSSH and MIT Kerberos ... Solaris 10's sshd uses PAM, ...
    (comp.protocols.kerberos)
  • Re: SunSSH in Solaris 9 problems connecting to a Linksys router problem
    ... >>windwos client machines were using coudln't connect to Sun's solaris 9 ... >>Sun used under solaris 9 was old and broken. ... > Windows users. ... combination of Sun sshd and whatever client was/is installed in the ...
    (comp.unix.solaris)
  • Re: SSH Server
    ... > Is there a binary of sshd available for Solaris 8 Sparc. ... > recommend that we start using ssh instead of telnet. ... Go to www.blastwave.org for more than 500+ solaris software packages. ... Load depends on what kind of box you are putting these stuff up on. ...
    (comp.unix.solaris)
  • Re: SSHD with Secured authentication, using RSA PAM client
    ... Has anyone got ssh to authenticate to SecureID? ... You have make sure your sshd is pam enabled. ... It has nothing to do with Solaris. ...
    (Focus-SUN)