Back to list
Zero byte PID file allows ssh v1 connection on Solaris 9
Jun 02 2011 05:50PM
Turner, David (David Turner lpsvcs com)
First time poster.
Ultimately the solution to this is probably to upgrade but I would like to get a better understanding of the mechanics behind the issue.
OpennSSH deamon allowed an ssh v1 connection despite config file set to allow v2 only.
1. Occurred on a Solaris 9 server with sshd version OpenSSH_3.8p1, OpenSSL 0.9.7d
2. Confirmed that /usr/local/etc/sshd_config is set for protocol 2 only.
3. ps -eaf shows /usr/local/sbin/sshd -u0
4. Execute ssh -1 -v -p xx localhost and got the following output indicating a successful
--> Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xx.
debug1: Connection established.
5. Confirmed that /etc/ssh/ssh_config is also set to use protocol 2 only.
6. Restarted OpenSHH using /etc/init.d/opensshd to ensure that config file was being read
and got an error message stating OpenSSH could not write to the PID file.
7. Discovered that PID was missing from /var/run/sshd.pid (file was zero bytes).
8. Deleting sshd.pid, kill -9 on sshd, failed to allow creation of PID file.
9. Manually entered PID into sshd.pid and restarted opensshd with complete success.
10. Re-tested with ssh -1 -v localhost and connection failed. All is better.
11. I've since discovered that the ssh command from Sun_SSH is first in the path which may
be part of the problem.
My main concern is that sshd allowed the insecure protocol v1 to connect despite the fact that the sshd_config files were set to allow v2 only because of the zero byte PID file. My company is nearly finished migrating to RHEL so I have limited Solaris resources and have no way to test if removing Sun_SSH from the scenario would prevent resolve this issue or to test if upgrading will resolve the issue. Also, I understand that a zero byte PID can cause problems, but I don't understand why I couldn't fix that by killing the sshd process and then restarting OpenSSH.
I've been unable to find any information on this issue in the news group archives, Google results, or anywhere else and would appreciate any feedback/education including "Go look [wherever]."
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
[ reply ]
Copyright 2010, SecurityFocus