Bug 28724

Summary: ssh client won't do RhostsRSAAuthentication
Product: Base System
Reporter: quinot <quinot>
Component: bin
Assignee: Brian Feldman <green>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 5.0-CURRENT
Hardware: Any
OS: Any

Description quinot 2001-07-05 16:20:02 UTC
The ssh client as of -CURRENT won't do RhostsRSAAuthentication with
an OpenSSH 2.3.0p1 server.

Fix: 

None known.
How-To-Repeat: /usr/bin/ssh -v -o RhostsRSAAuthentication=yes -o RSAAuthentication=no -o PasswordAuthentication=no remote.host.dom

-> permission denied, even though this host's public key is in
~/.ssh/known_hosts on the remote host.

The remote host does accept RhostsRSAAuthentication connections from
other machines. The -CURRENT client does not seem to even try
RhostsRSAAuthentication (when running it with '-1 -v' it does not
print 'Trying RSA rhosts...').
Comment 1 quinot 2001-07-06 17:15:10 UTC
[ Resending followup after GNATS somehow killed the first one. ]

Please note that the suid bit on /usr/bin/ssh is set.

-- 
Thomas Quinot ** Département Informatique & Réseaux ** quinot@inf.enst.fr
              ENST   //   46 rue Barrault   //   75634 PARIS CEDEX 13
Comment 2 Kris Kennaway freebsd_committer freebsd_triage 2001-07-08 22:59:36 UTC
Responsible Changed
From-To: freebsd-bugs->green

Over to the ssh maintainer
Comment 3 david 2001-07-28 21:56:34 UTC
In case it's of interest or use, here's the output from a couple of
invocations of "ssh -v bunrab" (bunrab is one of the machines here at
home) from my laptop -- once running today's 4.3-STABLE; the other running
today's 5.0-CURRENT.  The home directory is the same in each case (for
more info on how the laptop is set up, please see
http://www.catwhisker.org/~david/FreeBSD/laptop.html).

Here's -STABLE:
Script started on Sat Jul 28 13:24:49 2001
dhcp-140[1] uname -a
FreeBSD dhcp-140.catwhisker.org 4.3-STABLE FreeBSD 4.3-STABLE #123: Sat Jul 28 06:51:46 PDT 2001     root@dhcp-140.catwhisker.org:/common/S1/obj/usr/src/sys/LAPTOP_30W  i386
dhcp-140[2] ssh-add -l
1024 c5:c0:e1:e0:9c:28:65:75:e1:3d:9d:21:3b:b3:13:5a david@dhcp-135.catwhisker.org
dhcp-140[3] ssh -v bunrab
SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
Compiled with SSL (0x0090601f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug: Connecting to bunrab.catwhisker.org [172.16.8.11] port 22.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version 2.0.12 (non-commercial)
debug: match: 2.0.12 (non-commercial) pat ^2\.0\.

debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'bunrab' is known and matches the RSA host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with 'david@dhcp-135.catwhisker.org'
debug: Received RSA challenge from server.
debug: Sending response to RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication accepted by server.
debug: Requesting pty.
debug: Requesting shell.
debug: Entering interactive session.
Last login: Sat Jul 28 13:19:53 2001 from dhcp-140.catwhis
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.   All rights reserved.

FreeBSD 3.2-RELEASE (BUNRAB) #3: Sun Apr 30 19:44:37 PDT 2000

Welcome to FreeBSD!  You will find security advisories and updated
errata information for all releases at http://www.FreeBSD.ORG/releases/

Before asking for technical assistance:
 1.  Consult the ERRATA section for your release at the URL above.

 2.  Search the Handbook, FAQ, and mail archives at 
     http://www.FreeBSD.ORG/search.html. If the doc distribution is
     installed on this machine, you will also find the formatted FAQ
     and Handbook documents in /usr/share/doc/

 3.  If you still have a question or problem, collect the output of
     `uname -a' along with error messages from whatever part of the
     system you are having problems with and email it as a question
     to the questions@FreeBSD.ORG mailing list.
        
You may also use `/stand/sysinstall' to re-enter the installation and
configuration  utility.  Edit /etc/motd to change this login announcement.

You have mail.
bunrab[1] exit
exit
Connection to bunrab closed.
debug: Transferred: stdin 0, stdout 1216, stderr 30 bytes in 4.3 seconds
debug: Bytes per second: stdin 0.0, stdout 283.1, stderr 7.0
debug: Exit status 0
dhcp-140[4] exit

Script done on Sat Jul 28 13:26:08 2001




And here's -CURRENT:
Script started on Sat Jul 28 13:30:28 2001
dhcp-140[1] uname -a
FreeBSD dhcp-140.catwhisker.org 5.0-CURRENT FreeBSD 5.0-CURRENT #84: Sat Jul 28 09:50:09 PDT 2001     root@dhcp-140.catwhisker.org:/common/C/obj/usr/src/sys/LAPTOP_30W  i386
dhcp-140[2] ssh-add -l
1024 c5:c0:e1:e0:9c:28:65:75:e1:3d:9d:21:3b:b3:13:5a david@dhcp-135.catwhisker.org (RSA1)
dhcp-140[3] ssh -v bunrab
OpenSSH_2.9 green@FreeBSD.org 20010608, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug1: Connecting to bunrab.catwhisker.org [172.16.8.11] port 22.
debug1: temporarily_use_uid: 1001/20 (e=1001)
debug1: restore_uid
debug1: temporarily_use_uid: 1001/20 (e=1001)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/david/.ssh/identity type 0
debug1: identity file /home/david/.ssh/id_rsa type -1
debug1: identity file /home/david/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version 2.0.12 (non-commercial)
debug1: match: 2.0.12 (non-commercial) pat ^2\.0\.
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9 green@FreeBSD.org 20010608
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 183/384
debug1: bits set: 537/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'bunrab.catwhisker.org' is known and matches the DSA host key.
debug1: Found key in /home/david/.ssh/known_hosts2:1
debug1: bits set: 497/1024
debug1: len 40 datafellows 8831
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: buggy server: service_accept w/o service
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/david/.ssh/id_rsa
debug1: try privkey: /home/david/.ssh/id_dsa
debug1: next auth method to try is password
david@bunrab.catwhisker.org's password: 
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 10000 rmax 16384
Last login: Sat Jul 28 13:25:59 2001
FreeBSD 3.2-RELEASE (BUNRAB) #3: Sun Apr 30 19:44:37 PDT 2000

Welcome to FreeBSD!  You will find security advisories and updated
errata information for all releases at http://www.FreeBSD.ORG/releases/

Before asking for technical assistance:
 1.  Consult the ERRATA section for your release at the URL above.

 2.  Search the Handbook, FAQ, and mail archives at 
     http://www.FreeBSD.ORG/search.html. If the doc distribution is
     installed on this machine, you will also find the formatted FAQ
     and Handbook documents in /usr/share/doc/

 3.  If you still have a question or problem, collect the output of
     `uname -a' along with error messages from whatever part of the
     system you are having problems with and email it as a question
     to the questions@FreeBSD.ORG mailing list.
        
You may also use `/stand/sysinstall' to re-enter the installation and
configuration  utility.  Edit /etc/motd to change this login announcement.

You have mail.
bunrab[1] exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: output open -> drain
debug1: channel 0: input open -> closed
debug1: channel 0: close_read
exit
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

debug1: channel_free: channel 0: dettaching channel user
Connection to bunrab.catwhisker.org closed.
debug1: Transferred: stdin 0, stdout 0, stderr 45 bytes in 3.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 14.2
debug1: Exit status 0
dhcp-140[4] exit

Script done on Sat Jul 28 13:31:06 2001



Note that I needed to type my password in for -CURRENT, but not -STABLE,
which is symptomatic of the problem in question.

That it was not needed for -STABLE (and had not been needed in -CURRENT
until ssh-2.9 was committed) is because I was doing the activity from
an xterm, and I take the following actions:

* I use xdm to create the X environment, so I use ~/.xsession for my
  customization.

* Early on in ~/.xsession, I invoke ssh-agent, then ssh-add, so all child
  processes are able to take advantage of ssh-agent:

dhcp-140: head ~/.xsession
#! /bin/csh

if { test -x `which ssh-askpass` } then
  eval `ssh-agent`
  ssh-add
  set ssh_test = `ssh-add -l` || exit 1
  echo "$ssh_test" | grep '@' >/dev/null
  if ( $? ) then
    echo "What part of 'Need passphrase' don't you understand?"
    exit 2
  endif
endif
...


I hope this is helpful in getting the issue resolved,
david
-- 
David H. Wolfskill				david@catwhisker.org
As a computing professional, I believe it would be unethical for me to
advise, recommend, or support the use (save possibly for personal
amusement) of any product that is or depends on any Microsoft product.
Comment 4 Thomas Quinot 2001-12-06 19:59:25 UTC
In a not-so-surprising way, this problem turned out to be a
misconfiguration of the client machine. UsePrivilegedPort is now
necessary for the ssh client to use a privileged port, even when
host-based authentication is enabled and the client has the setuid bit.

Unfortunately, the default used to be "yes" (and still is in -STABLE), and
the option is not mentioned in the -CURRENT version of the installed
ssh_config.

Perhaps this could be mentioned in UPDATING?

Thomas.

-- 
    Thomas.Quinot@Cuivre.FR.EU.ORG
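The checks below are added here as an illustration of the diagnosis in comments 3 and 4; they are not code from this report, from FreeBSD, or from OpenSSH. The script assumes a POSIX shell with grep and mktemp. It classifies an `ssh -v` transcript by the two client-side lines the thread relies on (the OpenSSH 2.9 "originating port will not be trusted" message versus the protocol-1 "Trying RSA rhosts" message), checks whether an ssh_config explicitly sets UsePrivilegedPort, and checks the setuid bit on a client binary. The transcripts, config fragments and the dummy binary it creates are constructed sample data modelled on the ones quoted above, not captured output.

```shell
#!/bin/sh
# Added diagnostic helper (not part of the PR or of OpenSSH). It checks the
# client-side preconditions for RhostsRSAAuthentication that comment 4
# identifies: an explicit UsePrivilegedPort in ssh_config and a setuid ssh
# binary, and it classifies an `ssh -v` transcript by what the client says.

# classify_ssh_debug FILE
# Prints one of:
#   privileged-port-disabled  the OpenSSH 2.9 client said it will not bind a
#                             privileged source port, so the server will never
#                             trust the client host (the -CURRENT symptom)
#   rhosts-attempted          a protocol-1 client actually tried RSA rhosts
#   no-evidence               neither line is present
classify_ssh_debug() {
    if grep -q 'Rhosts Authentication disabled, originating port will not be trusted' "$1"; then
        echo privileged-port-disabled
    elif grep -q 'Trying RSA rhosts' "$1"; then
        echo rhosts-attempted
    else
        echo no-evidence
    fi
}

# privileged_port_enabled CONFIG
# Succeeds when CONFIG explicitly sets UsePrivilegedPort to yes (leading
# whitespace ignored, keyword case-insensitive as ssh_config treats it).
# An absent keyword counts as not enabled, which is the -CURRENT default
# the report stumbled over.
privileged_port_enabled() {
    grep -Eiq '^[[:space:]]*UsePrivilegedPort[[:space:]]+yes([[:space:]]|$)' "$1"
}

# ssh_is_setuid PATH
# Succeeds when the client binary carries the setuid bit; without it the
# client cannot bind a port below 1024 even with UsePrivilegedPort yes.
ssh_is_setuid() {
    [ -u "$1" ]
}

# --- constructed sample data (assumed, modelled on the transcripts above) ---
SAMPLE_DIR=$(mktemp -d)

# What the 2.9 (-CURRENT) client printed when the keyword was missing.
cat >"$SAMPLE_DIR/current.log" <<'EOF'
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: authentications that can continue: publickey,password
EOF

# A protocol-1 client that does try rhosts-RSA (constructed; the original
# reporter says `-1 -v` prints this line when the method is attempted).
cat >"$SAMPLE_DIR/stable.log" <<'EOF'
debug: Reading configuration data /etc/ssh/ssh_config
debug: Trying RSA rhosts...
debug: Remote: RSA authentication accepted.
EOF

# Weak config: RhostsRSAAuthentication requested but UsePrivilegedPort not
# set, so the 2.9 client falls back to an unprivileged source port.
cat >"$SAMPLE_DIR/ssh_config.weak" <<'EOF'
Host *
    RhostsRSAAuthentication yes
EOF

# Corrected config: the privileged source port is enabled explicitly.
cat >"$SAMPLE_DIR/ssh_config.fixed" <<'EOF'
Host *
    RhostsRSAAuthentication yes
    UsePrivilegedPort yes
EOF

# Dummy "binary" with and without the setuid bit (plain files; never run).
touch "$SAMPLE_DIR/ssh_setuid" "$SAMPLE_DIR/ssh_plain"
chmod 4755 "$SAMPLE_DIR/ssh_setuid"
chmod 0755 "$SAMPLE_DIR/ssh_plain"

# report CONFIG BINARY LOG: one-line summary a sysadmin can read at a glance.
report() {
    cfg=unset; bin=no-setuid
    privileged_port_enabled "$1" && cfg=yes
    ssh_is_setuid "$2" && bin=setuid
    echo "UsePrivilegedPort=$cfg binary=$bin transcript=$(classify_ssh_debug "$3")"
}

report "$SAMPLE_DIR/ssh_config.weak"  "$SAMPLE_DIR/ssh_plain"  "$SAMPLE_DIR/current.log"
report "$SAMPLE_DIR/ssh_config.fixed" "$SAMPLE_DIR/ssh_setuid" "$SAMPLE_DIR/stable.log"
```

The transcript check is the quickest confirmation of this report's root cause on a client: if `ssh -v` prints the "originating port will not be trusted" line, no server-side change to known_hosts or shosts.equiv will help until UsePrivilegedPort is set and the binary is setuid.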
Comment 5 Warner Losh freebsd_committer freebsd_triage 2002-01-27 06:50:42 UTC
State Changed
From-To: open->closed

This was a documentation reading error.  Warnings have been added to
UPDATING, per original submitter's request.