Secure Shell
SSH under chroot, kernel with enabled grsecurity. (opentty problem ?) Mar 29 2010 07:07PM
Marcin Grinberg (grindzio gmail com) (1 replies)
Re: SSH under chroot, kernel with enabled grsecurity. (opentty problem ?) Mar 30 2010 10:10AM
Jan Pechanec (Jan Pechanec Sun COM)
On Mon, 29 Mar 2010, Marcin Grinberg wrote:

>Hello,
>
>I'm trying to fix this problem for a while (month probably). I'm not
>able to find an solution via google. If someone could help me out I
>would appreciate.

Marcin, I don't think this is a problem in OpenSSH. It just
tries to get a new PTY and it fails. What's more, it works for some
time, the problem seems to be in the system itself.

you can keep an open connection to the system. When the new
connection fails, you can try to debug on the remote side why a new PTY
cannot be allocated.

J.

>Screenplay:
>
>I'm starting server under chroot with /proc and /dev/pts mounted.
>Everything is fine, clients can connect to the server.
>After a while (approx 24h) "something" is happening and server rejects
>connections.
>
>output(-vvv enabled):
>OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>debug1: Reading configuration data /etc/ssh/ssh_config
>debug2: ssh_connect: needpriv 0
>debug1: Connecting to ***.***.***.*** port 22.
>debug1: Connection established.
>debug1: identity file /home/user/.ssh/identity type -1
>debug1: identity file /home/user/.ssh/id_rsa type -1
>debug1: identity file /home/user/.ssh/id_dsa type -1
>debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
>debug1: match: OpenSSH_5.2 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_5.2
>debug2: fd 3 setting O_NONBLOCK
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-
cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@
lysator.liu.se
>debug2: kex_parse_kexinit:
>aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-
cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@
lysator.liu.se
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,umac-64 (at) openssh (dot) com [email concealed],hmac-ripemd160,hmac-ripemd160@op
enssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,umac-64 (at) openssh (dot) com [email concealed],hmac-ripemd160,hmac-ripemd160@op
enssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib (at) openssh (dot) com [email concealed],zlib
>debug2: kex_parse_kexinit: none,zlib (at) openssh (dot) com [email concealed],zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit:
>diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>debug2: kex_parse_kexinit:
>aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-
cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@
lysator.liu.se
>debug2: kex_parse_kexinit:
>aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-
cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@
lysator.liu.se
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,umac-64 (at) openssh (dot) com [email concealed],hmac-ripemd160,hmac-ripemd160@op
enssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit:
>hmac-md5,hmac-sha1,umac-64 (at) openssh (dot) com [email concealed],hmac-ripemd160,hmac-ripemd160@op
enssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib (at) openssh (dot) com [email concealed]
>debug2: kex_parse_kexinit: none,zlib (at) openssh (dot) com [email concealed]
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_setup: found hmac-md5
>debug1: kex: server->client aes128-ctr hmac-md5 none
>debug2: mac_setup: found hmac-md5
>debug1: kex: client->server aes128-ctr hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug2: dh_gen_key: priv key bits set: 137/256
>debug2: bits set: 495/1024
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 2
>debug1: Host '***.***.***.***' is known and matches the RSA host key.
>debug1: Found key in /home/user/.ssh/known_hosts:2
>debug2: bits set: 526/1024
>debug1: ssh_rsa_verify: signature correct
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>debug2: set_newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: SSH2_MSG_SERVICE_REQUEST sent
>debug2: service_accept: ssh-userauth
>debug1: SSH2_MSG_SERVICE_ACCEPT received
>debug2: key: /home/user/.ssh/identity ((nil))
>debug2: key: /home/user/.ssh/id_rsa ((nil))
>debug2: key: /home/user/.ssh/id_dsa ((nil))
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: start over, passed a different list
>publickey,password,keyboard-interactive
>debug3: preferred publickey,keyboard-interactive,password
>debug3: authmethod_lookup publickey
>debug3: remaining preferred: keyboard-interactive,password
>debug3: authmethod_is_enabled publickey
>debug1: Next authentication method: publickey
>debug1: Trying private key: /home/user/.ssh/identity
>debug3: no such identity: /home/user/.ssh/identity
>debug1: Trying private key: /home/user/.ssh/id_rsa
>debug3: no such identity: /home/user/.ssh/id_rsa
>debug1: Trying private key: /home/user/.ssh/id_dsa
>debug3: no such identity: /home/user/.ssh/id_dsa
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup keyboard-interactive
>debug3: remaining preferred: password
>debug3: authmethod_is_enabled keyboard-interactive
>debug1: Next authentication method: keyboard-interactive
>debug2: userauth_kbdint
>debug2: we sent a keyboard-interactive packet, wait for reply
>debug1: Authentications that can continue:
>publickey,password,keyboard-interactive
>debug3: userauth_kbdint: disable: no info_req_seen
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup password
>debug3: remaining preferred:
>debug3: authmethod_is_enabled password
>debug1: Next authentication method: password
>user@***.***.***.***'s password:
>debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)
>debug2: we sent a password packet, wait for reply
>debug1: Authentication succeeded (password).
>debug1: channel 0: new [client-session]
>debug3: ssh_session2_open: channel_new: 0
>debug2: channel 0: send open
>debug1: Requesting no-more-sessions (at) openssh (dot) com [email concealed]
>debug1: Entering interactive session.
>debug2: callback start
>debug2: client_session2_setup: id 0
>debug2: channel 0: request pty-req confirm 1
>debug2: channel 0: request shell confirm 1
>debug2: fd 3 setting TCP_NODELAY
>debug2: callback done
>debug2: channel 0: open confirm rwindow 0 rmax 32768
>debug1: channel 0: free: client-session, nchannels 1
>debug3: channel 0: status: The following connections are open:
>  #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cfd -1)
>
>debug3: channel 0: close_fds r 4 w 5 e 6 c -1
>Connection to ***.***.***.*** closed by remote host.
>Connection to ***.***.***.*** closed.
>Transferred: sent 1712, received 1864 bytes, in 0.0 seconds
>Bytes per second: sent 69715.3, received 75904.9
>debug1: Exit status -1
>
>
>On the server in logs I have:
>Mar 29 06:59:25 localhost sshd_ch[15900]: Accepted password for user
>from ***.***.***.*** port 58520 ssh2
>Mar 29 06:59:25 localhost sshd_ch[15900]: fatal: openpty returns
>device for which ttyname fails.
>Mar 29 06:59:25 localhost sshd_ch[15900]: syslogin_perform_logout:
>logout() returned an error
>Mar 29 06:59:25 localhost sshd_ch[15900]: error: chown  0 0 failed: No
>such file or directory
>Mar 29 06:59:25 localhost sshd_ch[15900]: error: chmod  0666 failed:
>No such file or directory
>Mar 29 06:59:35 localhost sshd_ch[15905]: Accepted password for user
>from ***.***.***.*** port 58521 ssh2
>Mar 29 06:59:35 localhost sshd_ch[15905]: fatal: openpty returns
>device for which ttyname fails.
>Mar 29 06:59:35 localhost sshd_ch[15905]: syslogin_perform_logout:
>logout() returned an error
>Mar 29 06:59:35 localhost sshd_ch[15905]: error: chown  0 0 failed: No
>such file or directory
>Mar 29 06:59:35 localhost sshd_ch[15905]: error: chmod  0666 failed:
>No such file or directory
>
>I really would like to run this server correctly...
>Let me know if any further information is needed.
>
>Thanks in advance.
>Marcin Grinberg
>

--
Jan Pechanec
http://blogs.sun.com/janp

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus