OpenSSH 4.x: server drops connections due to buggy glibc in LFS-6.1

[bugs@…]

Could not ssh to localhost from machine with OpenSSH 4.1p1 installed. /usr/sbin/sshd -D does not report a seg fault when this happens. It says keyboard-interactive fails.

[bugs@…]

Downgrading to 3.9 helps

[bdubbs@…]

This needs to be sorted out in blfs-support. The problem is not reproducible. It may be a configuration problem or a developer problem, but reporting a bug in the BLFS book is not yet appropriate.

[alexander@…]

In the past, the problem could be reproduced with openssh 4.0 on the Live CD (that's why it still uses the 3.9 version). I suspect that the following message is relevant:

http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0503/31/1/1.html

See also this thread:

https://mail.fukt.bth.se/pipermail/crux/2005-April/004745.html

From the thread, it follows that the glibc bug is resolved only in 2.3.5, while LFS-6.1 uses (buggy) 2.3.4. So please retest and, if necessary,

install -d /var/lib/sshd/lib

[ast@…]

(In reply to comment #3)

In the past, the problem could be reproduced with openssh 4.0 on the Live CD (that's why it still uses the 3.9 version). I suspect that the following message is relevant: http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0503/31/1/1.html

Yes, I got a very similar backtrace with my blfs installation. I posted a description about how one can reproduce and solve this problem to the blfs support list: http://linuxfromscratch.org/pipermail/blfs-support/2005-August/055907.html (I am quite new to blfs this is why I discovered the bug tracking system only now.)

[alexander@…]

Reopening because people hit this:

http://archive.linuxfromscratch.org/mail-archives/blfs-support/2005-October/056841.html

... and LFS-6.1 still provides a buggy glibc. Also this glibc problem affects proftpd. The proper solution is to apply a patch from http://sources.redhat.com/ml/libc-hacker/2005-02/msg00005.html (e.g., add this patch to LFS errata page and also mention its importance on the pages of packages that chroot somewhere: openssh, proftpd and maybe bind).

[LFS-User@…]

As this is a bug in a realease version of the book, I've downgraded it from being a "blocker".

I have never been able to reproduce this bug, so I don't know really how to go about fixing anthing. Perhaps Alex's suggestion is all we can really do. However, there is no BLFS errata page, and the problem is due to LFS version of Glibc in 6.1.

Apparently, the SVN version of LFS Glibc fixes the issue, so there's really nothing to do for the SVN version. I'll let Bruce figure out what would be best for the BLFS-6.1 BOOK.

[alexander@…]

Apparently, the SVN version of LFS Glibc fixes the issue, so there's really nothing to do for the SVN version.

Not sure. Are there people who build stable LFS but BLFS from SVN? There's already a note for such people on ALSA page.

[LFS-User@…]

Agreed that we should consider folks that build BLFS-SVN from LFS-Stable. However, suggesting that they rebuild their Glibc, to me, is not a good solution.

My whole point in my previous entry was justifying the downgrade of this bug from a "blocker". As I mentioned previously, we'll just have to defer the solution of this bug to Bruce's wisdom.

I don't see a good fix any way we go about it.

[alexander@…]

"install -d /var/lib/sshd/lib" is a good workaround, but IMHO it should be explained that it is a glibc bug.

[jim@…]

Next time why don't we put in a bug report. I did, since cross-lfs isn't using a glibc that's affected and we still had the issue. I put in a bug report and got this response.

Created an attachment (id=1000) [edit] Fix privsep + root login + delayed compression bug.

OK, looking at the debug output, I think that is fixed with the following change (patch attached):

• djm@… 2005/09/19 11:47:09 [sshd.c] stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@

If so, this is already fixed in -HEAD and the 4.2 branch. You can also work around it by setting "Compression yes" in sshd_config.

For complete details check http://bugzilla.mindrot.org/show_bug.cgi?id=1105

[alexander@…]

Because you see a different bug with the same sympthoms. Thanks for showing us that both parties are buggy.

[bdubbs@…]

This bug has been overcome by events. LFS 6.1.1 has been released with the buggy glibc corrected.

There is nothign for BLFS to do.