Re: openssh 4.7p1 Debian-4, OpenSSL 0.9.8g hangs after authentication [SOLVED]
On Sunday 30 March 2008, Bernardo Dal Seno wrote: On 29/03/2008, Eike Lantzsch [EMAIL PROTECTED] wrote: [snip] So it IS different. I deleted /tmp/ssh-pscjC23970 which is not created when starting ssh in a text console. Now ssh works again from an xterm and Konsole. /tmp/ssh-pscjC23970 is a socket file created by ssh-agent(1). It seems that KDE starts ssh-agent, while that doesn't happen when you login. Anyway, ssh look for a running ssh-agent by reading the variable SSH_AUTH_SOCK; this is setup by KDE when it launches ssh-agent, while in the console there is no such variable (or, if there, refers to a different instance). This explains the different behavior, but why ssh hangs when connecting to ssh-agent I don't know. Ciao, Bernardo Thank you for the explanation Bernardo. The scenario happens sometimes when we have a blackout and the UPS is run down before I can shutdown the workstation. After restarting there remains the stale socket file and ssh cannot read from it. For some reasons I didn't configure /tmp to be purged during startup. The problem never shows up if /tmp is purged of course. Mebbe I'm going to reconfigure ... Saludos, Eike If this is the usual microcontroller-based UPS you also should change the shutdown timer so the system shuts down before the UPS dies. Larry -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: openssh 4.7p1 Debian-4, OpenSSL 0.9.8g hangs after authentication [SOLVED]
On 29/03/2008, Eike Lantzsch [EMAIL PROTECTED] wrote: I suspected the firewall on the workstation and casually CTRL-ALT-F2'ed into a console. I logged on as the same user. Lo-and-behold: It works fine on the same machine in a text console. I went back to KDE and tried an xterm instead of Konsole. It also hangs with xterm. That flabbergasted me completely. How can OpenSSH be different when using it in a terminal window than on a console while X is still running on ALT-F7? So it IS different. I deleted /tmp/ssh-pscjC23970 which is not created when starting ssh in a text console. Now ssh works again from an xterm and Konsole. /tmp/ssh-pscjC23970 is a socket file created by ssh-agent(1). It seems that KDE starts ssh-agent, while that doesn't happen when you login. Anyway, ssh look for a running ssh-agent by reading the variable SSH_AUTH_SOCK; this is setup by KDE when it launches ssh-agent, while in the console there is no such variable (or, if there, refers to a different instance). This explains the different behavior, but why ssh hangs when connecting to ssh-agent I don't know. Ciao, Bernardo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: openssh 4.7p1 Debian-4, OpenSSL 0.9.8g hangs after authentication [SOLVED]
On Sunday 30 March 2008, Bernardo Dal Seno wrote: On 29/03/2008, Eike Lantzsch [EMAIL PROTECTED] wrote: [snip] So it IS different. I deleted /tmp/ssh-pscjC23970 which is not created when starting ssh in a text console. Now ssh works again from an xterm and Konsole. /tmp/ssh-pscjC23970 is a socket file created by ssh-agent(1). It seems that KDE starts ssh-agent, while that doesn't happen when you login. Anyway, ssh look for a running ssh-agent by reading the variable SSH_AUTH_SOCK; this is setup by KDE when it launches ssh-agent, while in the console there is no such variable (or, if there, refers to a different instance). This explains the different behavior, but why ssh hangs when connecting to ssh-agent I don't know. Ciao, Bernardo Thank you for the explanation Bernardo. The scenario happens sometimes when we have a blackout and the UPS is run down before I can shutdown the workstation. After restarting there remains the stale socket file and ssh cannot read from it. For some reasons I didn't configure /tmp to be purged during startup. The problem never shows up if /tmp is purged of course. Mebbe I'm going to reconfigure ... Saludos, Eike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: openssh 4.7p1 Debian-4, OpenSSL 0.9.8g hangs after authentication
On 27/03/2008, Eike Lantzsch [EMAIL PROTECTED] wrote: Hi: Does somebody have a hint for me how to investigate this problem further: Openssh hangs from my workstation to any ssh-server including the workstation itself. Using another client machine I can ssh into all machines allright, including the Fawlty [(c)John Cleese] one. One has also installed Debian testing with the very same version of openssh and openssl. [EMAIL PROTECTED]:~$ ssh -vv -4 -2 -l myuser 192.168.0.40 [...] debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received I'd run strace on it. When I do strace -f ssh -vv -4 -2 -l joostje muso.komputilo.org 2strace.txt then I see in strace.txt: [...] write(2, debug2: service_accept: ssh-user..., 38debug2: service_accept: ssh-userauth ) = 38 write(2, debug1: SSH2_MSG_SERVICE_ACCEPT ..., 42debug1: SSH2_MSG_SERVICE_ACCEPT received ) = 42 write(2, debug2: key: /home/joostje/.ssh/..., 48debug2: key: /home/joostje/.ssh/id_rsa ((nil)) ) = 48 write(2, debug2: key: /home/joostje/.ssh/..., 51debug2: key: /home/joostje/.ssh/id_dsa (0x55dff0) ) = 51 write(3, o\243\302\260\251\5\264\215o\'}3N\341\354\225\'\215\213..., 64) = 64 select(4, [3], NULL, NULL, NULL)= 1 (in [3]) read(3, d\265\232\322\'\v\215Md\370.t\2511\353\274\267G\212L\302..., 8192) = 64 write(2, debug1: Authentications that can..., 63debug1: Authentications that can continue: publickey,password ) = 63 [...] In other words, my ssh writes two more debug statements right after the last debug statements you see, without any system calls in between. So, basically, it seems like it is 'impossible' for ssh to hang just at that point... Would be interesting to see the strace output of your ssh. After that it starts to write to fd 3, witch seems to be the communication socket to the SSH server. My versions: ii openssh-client 4.3p2-9 Secure shell client, an rlogin/rsh/rcp replacement ii openssh-server 4.3p2-9 Secure shell server, an rshd replacement ii openssl 0.9.8c-4etch1Secure Socket Layer (SSL) binary and related cryptographic tools -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
openssh 4.7p1 Debian-4, OpenSSL 0.9.8g hangs after authentication
Hi: Does somebody have a hint for me how to investigate this problem further: Openssh hangs from my workstation to any ssh-server including the workstation itself. Using another client machine I can ssh into all machines allright, including the Fawlty [(c)John Cleese] one. One has also installed Debian testing with the very same version of openssh and openssl. It seems that a certain upgrade has caused this behaviour but I cannot determine which library is the culprit. OpenSSH and OpenSSL itself seem to be OK because the work fine on other machines. [EMAIL PROTECTED]:~$ ssh -vv -4 -2 -l myuser 192.168.0.40 OpenSSH_4.7p1 Debian-4, OpenSSL 0.9.8g 19 Oct 2007 debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.0.40 [192.168.0.40] port 22. debug1: Connection established. debug1: identity file /home/myuser/.ssh/id_rsa type -1 debug1: identity file /home/myuser/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-4 debug1: match: OpenSSH_4.7p1 Debian-4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-4 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[EMAIL PROTECTED],hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[EMAIL PROTECTED],hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[EMAIL PROTECTED],hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[EMAIL PROTECTED],hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server-client aes128-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client-server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 139/256 debug2: bits set: 511/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.0.40' is known and matches the RSA host key. debug1: Found key in /home/myuser/.ssh/known_hosts:1 debug2: bits set: 527/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received and then for hours no reply ... -- Eike Lantzsch ZP6CGE Casilla de Correo 1519 1209 Asuncion / Paraguay Phone: +595-21-578698 FAX: +595-21-578690 Cell-Phone: +595-981-939317 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: openssh 4.7p1 Debian-4, OpenSSL 0.9.8g hangs after authentication
Eike Lantzsch wrote: Hi: Hi Eike Does somebody have a hint for me how to investigate this problem further: Openssh hangs from my workstation to any ssh-server including the workstation itself. Using another client machine I can ssh into all machines allright, including the Fawlty [(c)John Cleese] one. One has also installed Debian testing with the very same version of openssh and openssl. It seems that a certain upgrade has caused this behaviour but I cannot determine which library is the culprit. OpenSSH and OpenSSL itself seem to be OK because the work fine on other machines. Have you checked the firewall on your workstation? # iptables -L Have you tried it with Putty? If you create a new user and try it from the new account, same problem? [EMAIL PROTECTED]:~$ ssh -vv -4 -2 -l myuser 192.168.0.40 OpenSSH_4.7p1 Debian-4, OpenSSL 0.9.8g 19 Oct 2007 [snip] debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received and then for hours no reply ... It should not make a difference but just to be sure, 'ssh ... localhost' instead of the IP gives a timout as well? cya, Christian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
