Ok, I managed to reproduce this in a clean "ubuntu:latest" docker
container. Steps to reproduce are below. During testing, I noticed that
I aliased "ssh" to "ssh -K -X", and that "-K" (or equivalently "-o
GSSAPIAuthentication=yes") is crucial. This changes the problematic SSH
client command to

ssh -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex \
    root@ac3f9944f201 -v -p 2222 -o GSSAPIKeyExchange=yes \
    -o GSSAPIAuthentication=yes -F /dev/null

Complete steps to reproduce (container ac3f9944f201 is the server, IP
1.2.3.4 is the IP of the container host; this needs to be adapted):

Server:

podman run -it -p 2222:2222,8888:88 ubuntu

apt update
apt install openssh-server krb5-kdc krb5-admin-server
touch /etc/krb5kdc/kadm5.acl
touch /etc/krb5kdc/kadm5.dict
krb5_newrealm 
kadmin.local 

addprinc user
addprinc -randkey host/ac3f9944f201
ktadd -k /etc/krb5.keytab host/ac3f9944f201
exit

mkdir /run/sshd
/usr/sbin/sshd -d -p 2222 -f /dev/null -o GSSAPIKeyExchange=yes \
    -o GSSAPIAuthentication=yes

Client:

podman run -it ubuntu

apt update
apt install openssh-client krb5-user
kinit user
echo "1.2.3.4 ac3f9944f201" >> /etc/hosts

ssh -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex \
    root@ac3f9944f201 -v -p 2222 -o GSSAPIKeyExchange=yes \
    -o GSSAPIAuthentication=yes -F /dev/null

Notice "monitor_read: unpermitted request 48" on the server, and
"Connection closed by 1.2.3.4 port 2222" on the client (instead of the
expected "permission denied").

** Changed in: openssh (Ubuntu)
       Status: Incomplete => New

https://bugs.launchpad.net/bugs/1938144

Title:
  monitor_read: unpermitted request 48 on server while attempting GSSAPI
  key exchange
