Damien Miller | 1 Oct 03:53 2011

Re: Interop problem with old dropbear and new openssh

please include a full debug trace from the client and, if possible, from
the server.

On Fri, 30 Sep 2011, Graham Cobb wrote:

> Hi,
> 
> I have a router running an old version of OpenWRT with an old version of 
> dropbear (Dropbear sshd v0.44test3).  It has been working for many years and I 
> ssh in from my desktop systems (running Debian Testing) with no problem.
> 
> However, recently I upgraded one of my desktops and I can no longer connect to 
> the router.  Dropbear on the router is exiting with:
> 
> exit before auth: bad buf_getwriteptr
> 
> Looking at the output from ssh -vv, the problem occurs right after
> 
> debug1: sending SSH2_MSG_KEXDH_INIT
> debug1: expecting SSH2_MSG_KEXDH_REPLY
> 
> The desktop is running "SSH-2.0-OpenSSH_5.9p1 Debian-1" (it failed with 5.8 as 
> well).  However, another desktop still running "SSH-2.0-OpenSSH_5.5p1 
> Debian-6" still works fine.  The config files are identical and I can't find 
> anything in the changelog between those versions which looks like it would 
> affect the content of that message.
> 
> Has anyone seen this, or does anyone have any suggestions for possible 
> workrounds?
> 

titu senapati | 2 Oct 14:22 2011

Information on command execution in sshd

Hi,

I was going through the code of open ssh server part ( code for sshd
). My query is when user gives any command ( for example unix command
"ls") in the console ( after ssh login is complete ), which function
in sshd will execute this command. I traced that the command is coming
to sshd code in message type SSH2_MSG_CHANNEL_DATA. There is a check
using function packet_check_eom(). But I am not able to trace the
place where linux command "ls" will be executed. I want to know the
function in sshd code which will execute this function.

Hoping for your expertise in this regard. Kindly help.

Best regards,

Titu

Alex Bligh | 2 Oct 19:38 2011

Re: Information on command execution in sshd


--On 2 October 2011 05:22:23 -0700 titu senapati <titu_senapati <at> yahoo.com> 
wrote:

> I was going through the code of open ssh server part ( code for sshd ).
> My query is when user gives any command ( for example unix command "ls")
> in the console ( after ssh login is complete ), which function in sshd
> will execute this command.

Assuming by "ssh login" you mean login in the sense of an interactive
shell, ssh runs bash (or whatever shell the user has set up). It then
passes stdin to bash over the ssh channel and prints stdout. Thus ssh
isn't executing the commands, it's just passing them to an existing
shell through an fd.

-- 
Alex Bligh

Daniel Kahn Gillmor | 2 Oct 19:39 2011

Re: Information on command execution in sshd

On 10/02/2011 08:22 AM, titu senapati wrote:

> I was going through the code of open ssh server part ( code for sshd
> ). My query is when user gives any command ( for example unix command
> "ls") in the console ( after ssh login is complete ), which function
> in sshd will execute this command. I traced that the command is coming
> to sshd code in message type SSH2_MSG_CHANNEL_DATA. There is a check
> using function packet_check_eom(). But I am not able to trace the
> place where linux command "ls" will be executed. I want to know the
> function in sshd code which will execute this function.

In the common case, sshd invokes a child process of the user's shell
upon session creation.  Then when the user types a command like "ls",
that command gets shuttled across ssh as channel data (as you've seen)
and handed as input to the child process (the shell).

It is the shell which interprets the "ls" as a command and in turn
invokes /bin/ls (or whatever).

So sshd doesn't invoke ls directly at all.  Make sense?

hope this helps,

	--dkg

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev <at> mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
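
The mechanism described in the reply above, as an added example that is not part of the original thread and is not OpenSSH code: a parent process starts a shell once and then only forwards bytes to it, and the shell does the interpreting. The function name `relay_to_shell` and the pipe-based setup are assumptions made for this sketch (sshd itself may use a pty rather than pipes).

```c
/* Added illustration, not OpenSSH source: the parent only moves bytes;
 * the child shell is what interprets and runs the command. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start /bin/sh once, write `input` to its stdin (the role channel data
 * plays in the reply above), collect its stdout. Returns bytes or -1. */
ssize_t relay_to_shell(const char *input, char *out, size_t outsz)
{
    int to_sh[2], from_sh[2];
    if (outsz == 0 || pipe(to_sh) < 0) return -1;
    if (pipe(from_sh) < 0) { close(to_sh[0]); close(to_sh[1]); return -1; }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: becomes the shell */
        dup2(to_sh[0], STDIN_FILENO);
        dup2(from_sh[1], STDOUT_FILENO);
        close(to_sh[0]); close(to_sh[1]);
        close(from_sh[0]); close(from_sh[1]);
        execl("/bin/sh", "sh", (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(to_sh[0]); close(from_sh[1]);   /* parent keeps only its ends */

    /* Forward the bytes untouched; nothing here parses the command. */
    ssize_t w = write(to_sh[1], input, strlen(input));
    close(to_sh[1]);                      /* EOF makes the shell exit */
    size_t total = 0;
    ssize_t n;
    while (total < outsz - 1 &&
           (n = read(from_sh[0], out + total, outsz - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(from_sh[0]);
    waitpid(pid, NULL, 0);
    return w < 0 ? -1 : (ssize_t)total;
}

int main(void)
{
    char buf[64];
    /* $((6*7)) is expanded by the shell, not by this program. */
    if (relay_to_shell("echo $((6*7))\n", buf, sizeof buf) < 0) return 1;
    fputs(buf, stdout);
    return 0;
}
```
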

Damien Miller | 3 Oct 16:16 2011

Re: Information on command execution in sshd

On Sun, 2 Oct 2011, titu senapati wrote:

> Hi,
>
> I was going through the code of open ssh server part ( code for sshd
> ). My query is when user gives any command ( for example unix command
> "ls") in the console ( after ssh login is complete ), which function
> in sshd will execute this command. I traced that the command is coming
> to sshd code in message type SSH2_MSG_CHANNEL_DATA. There is a check
> using function packet_check_eom(). But I am not able to trace the
> place where linux command "ls" will be executed. I want to know the
> function in sshd code which will execute this function.

What are you trying to do? (this looks a lot like a homework question)

The request is not SSH2_MSG_CHANNEL_DATA but SSH2_MSG_CHANNEL_REQUEST.

-d

titu senapati | 4 Oct 20:15 2011

Re: Information on command execution in sshd

Hi,

My query is answered now.  Thanks to Alex, Daniel and Damien for the response.
I searched the openssh code where SHELL process is started and got to know the steps.

Thanks to all.

Best Regards,

Titu

________________________________
From: titu senapati <titu_senapati <at> yahoo.com>
To: "openssh-unix-dev <at> mindrot.org" <openssh-unix-dev <at> mindrot.org>
Sent: Sunday, October 2, 2011 5:52 PM
Subject: Information on command execution in sshd

Hi,

I was going through the code of open ssh server part ( code for sshd
). My query is when user gives any command ( for example unix command
"ls") in the console ( after ssh login is complete ), which function
in sshd will execute this command. I traced that the command is coming
to sshd code in message type SSH2_MSG_CHANNEL_DATA. There is a check
using function packet_check_eom(). But I am not able to trace the
place where linux command "ls" will be executed. I want to know the
function in sshd code which will execute this function.

Hoping for your expertise in this regard. Kindly help.

Best regards,

Henry Barber | 7 Oct 00:58 2011

OpenSSH hanging


   Hi there,
   I'm having some strange behaviour from OpenSSH.
   It presents itself when using the "ssh -t" / pseudo terminal.
   We are using this feature to update the wtmp and it is working fine on
   SuSE and RH, but our AIX hosts are getting hung. The first attempt is
   usually successful, but eventually, the session is hung and the CTRL-Z
   does not put the process into background.
   The ssh -v output:
   OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010
   and when I run a truss:
   [snipped]
   kwrite(4, " �9E � d � � e 9 � O\b �".., 576)    = 576
   _select(5, 0x2005DC28, 0x00000000, 0x00000000, 0x00000000) = 1
   kread(4, " �8E07 y � � � } � < � �".., 8192)    = 32
   kfcntl(0, F_DUPFD, 0x00000000)                  = 5
   kfcntl(1, F_DUPFD, 0x00000000)                  = 6
   kfcntl(2, F_DUPFD, 0x00000000)                  = 7
   kioctl(5, 22528, 0x00000000, 0x00000000)        = 0
   kioctl(6, 22528, 0x00000000, 0x00000000)        = 0
   kioctl(7, 22528, 0x00000000, 0x00000000)        = 0
   kfcntl(5, F_SETFD, 0x00000001)                  = 0
   kfcntl(6, F_SETFD, 0x00000001)                  = 0
   kfcntl(7, F_SETFD, 0x00000001)                  = 0
   kioctl(6, 22528, 0x00000000, 0x00000000)        = 0
   sigprocmask(2, 0xF0277960, 0x2FF21AB0)          = 0
   _sigaction(1, 0x00000000, 0x2FF21B60)           = 0
   thread_setmymask_fast(0x00000000, 0x00000000, 0x00000000, 0x11FA00A9,
   0x00000000, 0x00000013, 0x00000000, 0x00000000) = 0x00000000
   sigprocmask(2, 0xF0277960, 0x2FF21AB0)          = 0

Darren Tucker | 7 Oct 04:35 2011

Re: OpenSSH hanging

On 7/10/11 9:58 AM, Henry Barber wrote:
>     I'm having some strange behaviour from OpenSSH
>     It presents itself when using the "ssh -t" / pseudo terminal.
>     We are using this feature to update the wtmp and it is working fine on
>     SuSE and RH, but our AIX hosts are getting hung. The first attempt is
>     usually successful, but eventually, the session is hung and the CTRL-Z
>     does not put the process into background.
>     The ssh -v output
>     OpenSSH_5.4p1, OpenSSL 0.9.8m 25 Feb 2010

This could happen with old versions of OpenSSH: they did not correctly 
handle the case where pty allocation failed.

This was fixed in 5.6.  From http://www.openssh.com/txt/release-5.6:

  Kill channel when pty allocation requests fail. Fixed stuck client
    if the server refuses pty allocation (bz#1698)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Alex Bligh | 8 Oct 11:01 2011

Detect PID of sshd processes used by one public key; detect -R allocated port on the server

I have a situation where a number of potentially hostile clients ssh to
a host I control, each ssh'ing in as the same user, and each forwarding
a remote port back to them.

So, the authorized_keys file looks like:

no-agent-forwarding,command="/bin/true",no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB....vnRWxcgaK9xXoU= client1234 <at> example.com

[the permitopen stanza just disables -L forwarding by only enabling a
forwarding to a port that will always refuse connections. Ignore this.]

and the ssh line from the client looks like this:

ssh -R0:127.0.0.1:1234 -N -ldummyuser central.example.org
Allocated port 54403 for remote forward to 127.0.0.1:1234

Now, ssh -R with a 0 port option allocates a remote port, which is what I
want to do, as I have lots and lots of these clients. It tells the /client/
what port it has allocated, but I want to know on the /server/ what port
has been allocated. On the server I want to detect which port (if any)
client1234 <at> example.com has open, and connect to that.

I can't pass this information from the client, because the potentially
hostile client could pass back a different number. I could then connect
to a port and be fooled into connecting to wrong client.

My plan was to get the PID of the sshd process, then use lsof to find
what ports it was listening on.

Phil Pennock | 8 Oct 12:56 2011

Re: Detect PID of sshd processes used by one public key; detect -R allocated port on the server

On 2011-10-08 at 10:01 +0100, Alex Bligh wrote:
> I can't help but think that log line would be more useful if it said which
> public key was accepted (am willing to provide a patch, but would prefer
> to avoid a code change).

LogLevel VERBOSE

-Phil
