
Re: Problem with OpenSSH



Turn all the "Kerberos..." options off (they're obsolete, and might  
cause problems if they actually still exist in the code).  Turn all  
the "GSSAPI..." options on.

Also you might be better off using the OpenSSH patches from
http://www.sxw.org.uk/computing/patches/openssh.html instead of a plain,
stock distribution.

On Aug 1, 2007, at 10:37 AM, Antoine MILLET wrote:

> Brandon S. Allbery KF8NH wrote:
>>
>> On Aug 1, 2007, at 12:53 , Antoine MILLET wrote:
>>
>>> And any idea about the fact that openssh doesn't forward the ticket
>>> and requests a password each time I want to log on to another computer
>>> in our park?
>>>
>>> Thanks in advance.
>>
>> I'd make sure (1) the tickets are forwardable and (2)  
>> GSSAPIDelegateCredentials is turned on.  (The latter seems to be  
>> the most common problem, as default sshd configs tend to enable  
>> GSSAPI for auth but disable credential delegation, thus preventing  
>> the forwarded ticket from being used for anything.)
>>
> Sorry for my first mail, it's not in sshd_config but in ssh_config.
>
> I use the sshd_config with (default for the rest) :
> # Kerberos options
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> KerberosTicketCleanup yes
> KerberosGetAFSToken yes
>
> # GSSAPI options
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
>
> And I use the ssh_config with (default for the rest) :
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> But now I have a segfault with the ssh client... I'm trying to ktrace the ssh
> binary, but just after the read of ~/.ssh/known_hosts, I obtain:
>
>  6844 ssh      RET   read 391/0x187
>  6844 ssh      CALL  close(0x4)
>  6844 ssh      RET   close 0
>  6844 ssh      CALL  write(0x3,0x8095000,0x10)
>  6844 ssh      GIO   fd 3 wrote 16 bytes
>  6844 ssh      RET   write 16/0x10
>  6844 ssh      CALL  write(0x3,0x8095000,0x30)
>  6844 ssh      GIO   fd 3 wrote 48 bytes
>  6844 ssh      RET   write 48/0x30
>  6844 ssh      CALL  select(0x4,0x8092d50,0,0,0)
>  6844 ssh      RET   select 1
>  6844 ssh      CALL  read(0x3,0xbfbfbe40,0x2000)
>  6844 ssh      GIO   fd 3 read 48 bytes
>  6844 ssh      RET   read 48/0x30
>  6844 ssh      CALL  write(0x3,0x8095000,0x40)
>  6844 ssh      GIO   fd 3 wrote 64 bytes
>  6844 ssh      RET   write 64/0x40
>  6844 ssh      CALL  select(0x4,0x8092d50,0,0,0)
>  6844 ssh      RET   select 1
>  6844 ssh      CALL  read(0x3,0xbfbfbe30,0x2000)
>  6844 ssh      GIO   fd 3 read 80 bytes
>  6844 ssh      RET   read 80/0x50
>  6844 ssh      CALL  open(0x2822cd21,0,0x1b6)
>  6844 ssh      NAMI  "/etc/gss/mech"
>  6844 ssh      RET   open -1 errno 2 No such file or directory
>  6844 ssh      CALL  issetugid
>  6844 ssh      RET   issetugid 0
>  6844 ssh      PSIG  SIGSEGV SIG_DFL
>
>
> I don't understand why ssh segfaults...
>
> Thanks in advance for all of your help.
>
> -- 
> Cordialement.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
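
Added example (not part of the original thread, and not OpenSSH's own code): a small Python check that applies the advice above to sshd_config and ssh_config text, flagging Kerberos* options that are not off and the GSSAPI options named in the thread that are not set to yes. The sample configs are constructed from the settings quoted in the message; the function names are hypothetical, and Host and Match blocks are not evaluated (the file is read as one flat list).

```python
import re

# Options named in the thread that should be "yes" (keywords are case-insensitive).
WANT_ON = {
    "server": ("gssapiauthentication", "gssapicleanupcredentials"),
    "client": ("gssapiauthentication", "gssapidelegatecredentials"),
}

# Constructed samples, taken from the settings quoted in the message.
SERVER_SAMPLE = """\
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
"""
CLIENT_SAMPLE = "GSSAPIAuthentication yes\nGSSAPIDelegateCredentials yes\n"


def effective_options(text):
    """Return {keyword: value}; the first occurrence of a keyword wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # OpenSSH accepts "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip('"').lower())
    return opts


def audit(text, role):
    """role is 'server' (sshd_config) or 'client' (ssh_config)."""
    opts = effective_options(text)
    findings = [f"{k} is {v}; expected no" for k, v in opts.items()
                if k.startswith("kerberos") and v != "no"]
    for key in WANT_ON[role]:
        # An unset option falls back to the build's default, unknown here.
        val = opts.get(key, "unset")
        if val != "yes":
            findings.append(f"{key} is {val}; expected yes")
    return findings


if __name__ == "__main__":
    for role, sample in (("server", SERVER_SAMPLE), ("client", CLIENT_SAMPLE)):
        print(role, audit(sample, role) or "ok")
```
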