Opened 19 years ago
Closed 18 years ago
#1534 closed defect (fixed)
OpenSSH 4.x: server drops connections due to buggy glibc in LFS-6.1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 6.2.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Could not ssh to localhost from machine with OpenSSH 4.1p1 installed. /usr/sbin/sshd -D does not report a seg fault when this happens. It says keyboard-interactive fails.
Change History (15)
comment:1 by , 19 years ago
comment:2 by , 19 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
This needs to be sorted out in blfs-support. The problem is not reproducible. It may be a configuration problem or a developer problem, but reporting a bug in the BLFS book is not yet appropriate.
comment:3 by , 19 years ago
In the past, the problem could be reproduced with openssh 4.0 on the Live CD (that's why it still uses the 3.9 version). I suspect that the following message is relevant:
http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0503/31/1/1.html
See also this thread:
https://mail.fukt.bth.se/pipermail/crux/2005-April/004745.html
From the thread, it follows that the glibc bug is resolved only in 2.3.5, while LFS-6.1 uses (buggy) 2.3.4. So please retest and, if necessary,
install -d /var/lib/sshd/lib
comment:4 by , 19 years ago
(In reply to comment #3)
In the past, the problem could be reproduced with openssh 4.0 on the Live CD (that's why it still uses the 3.9 version). I suspect that the following message is relevant:
http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0503/31/1/1.html
Yes, I got a very similar backtrace with my blfs installation. I posted a description about how one can reproduce and solve this problem to the blfs support list: http://linuxfromscratch.org/pipermail/blfs-support/2005-August/055907.html (I am quite new to blfs this is why I discovered the bug tracking system only now.)
comment:5 by , 19 years ago
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
| Summary: | OpenSSH 4.1p1 → OpenSSH 4.x: server drops connections due to buggy glibc in LFS-6.1 |
Reopening because people hit this:
http://archive.linuxfromscratch.org/mail-archives/blfs-support/2005-October/056841.html
... and LFS-6.1 still provides a buggy glibc. Also this glibc problem affects proftpd. The proper solution is to apply a patch from http://sources.redhat.com/ml/libc-hacker/2005-02/msg00005.html (e.g., add this patch to LFS errata page and also mention its importance on the pages of packages that chroot somewhere: openssh, proftpd and maybe bind).
comment:6 by , 19 years ago
| Milestone: | future → 6.2 |
|---|---|
| rep_platform: | PC → All |
| Severity: | blocker → normal |
| Version: | d-6.1 → a-SVN |
As this is a bug in a realease version of the book, I've downgraded it from being a "blocker".
I have never been able to reproduce this bug, so I don't know really how to go about fixing anthing. Perhaps Alex's suggestion is all we can really do. However, there is no BLFS errata page, and the problem is due to LFS version of Glibc in 6.1.
Apparently, the SVN version of LFS Glibc fixes the issue, so there's really nothing to do for the SVN version. I'll let Bruce figure out what would be best for the BLFS-6.1 BOOK.
comment:7 by , 19 years ago
Apparently, the SVN version of LFS Glibc fixes the issue, so there's really nothing to do for the SVN version.
Not sure. Are there people who build stable LFS but BLFS from SVN? There's already a note for such people on ALSA page.
comment:8 by , 19 years ago
Agreed that we should consider folks that build BLFS-SVN from LFS-Stable. However, suggesting that they rebuild their Glibc, to me, is not a good solution.
My whole point in my previous entry was justifying the downgrade of this bug from a "blocker". As I mentioned previously, we'll just have to defer the solution of this bug to Bruce's wisdom.
I don't see a good fix any way we go about it.
comment:9 by , 19 years ago
"install -d /var/lib/sshd/lib" is a good workaround, but IMHO it should be explained that it is a glibc bug.
comment:10 by , 19 years ago
| Status: | reopened → assigned |
|---|
comment:11 by , 19 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
comment:12 by , 19 years ago
| Status: | new → assigned |
|---|
comment:13 by , 19 years ago
Next time why don't we put in a bug report. I did, since cross-lfs isn't using a glibc that's affected and we still had the issue. I put in a bug report and got this response.
Created an attachment (id=1000) [edit] Fix privsep + root login + delayed compression bug.
OK, looking at the debug output, I think that is fixed with the following change (patch attached):
- djm@… 2005/09/19 11:47:09 [sshd.c] stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
If so, this is already fixed in -HEAD and the 4.2 branch. You can also work around it by setting "Compression yes" in sshd_config.
For complete details check http://bugzilla.mindrot.org/show_bug.cgi?id=1105
comment:14 by , 19 years ago
Because you see a different bug with the same sympthoms. Thanks for showing us that both parties are buggy.
comment:15 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
This bug has been overcome by events. LFS 6.1.1 has been released with the buggy glibc corrected.
There is nothign for BLFS to do.
Downgrading to 3.9 helps