Thanks, Stefan. Unfortunately, I'm not able to get the VM to boot up.
I'm running VB 5.1.22. I've found that snapshots can be problematic even
between VB point releases. Would it be a problem for you to delete the
snapshot, and then export the VM as an appliance?

That said -- I think I have managed to reproduce the issue using
gss-client and gss-server, so if this *would* be a problem, no worries
(yet :-) .

Thanks,
Dan

On 8/9/2017 3:37 AM, Stefan Paetow wrote:
> Yes.
>
> *Everything* is the latest, including the latest MS package for OpenSSH
> (other than the GSS-EAP and MS-UI packages - for obvious reasons). The
> bash history in the 'sysuser' user has everything you need... The
> command is ssh -Kv <email address hidden> (the local machine
> name).
>
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
>
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: <email address hidden>
> skype: stefan.paetow.janet
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT
> No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower
> Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
> From: <email address hidden> on behalf of Dan Breslau <email address hidden>
> Reply-To: Bug 1709337 <email address hidden>
> Date: Tuesday, 8 August 2017 at 23:17
> To: Stefan Paetow <email address hidden>
> Subject: [Bug 1709337] Re: moonshot-gss-eap-1.0.1-1.el6 causes RADIUS TLS error and SSH segv
>
> Is this the same image that you just emailed me a link to on another
> thread?
>
> It would also be very helpful if you could include details about the
> command[s] you're running when you see this problem. I gather that ssh
> is one of those commands. I'm guessing that that's a moonshot-enabled
> ssh; and if so, what version?
>
> --
> You received this bug notification because you are a member of Moonshot
> Drivers, which is subscribed to Project Moonshot.
> Matching subscriptions: Moonshot Drivers
> https://bugs.launchpad.net/bugs/1709337
>
> Title:
> moonshot-gss-eap-1.0.1-1.el6 causes RADIUS TLS error and SSH segv
>
> Status in Project Moonshot:
> New
>
> Bug description:
> When using moonshot-gss-eap-1.0.1-1.el6 on a new CentOS 6 box, I see
> the following issue:
>
> When used with the newest moonshot-ui package (see Bug 1709316) in a
> mode that uses .gss_eap_id, RADIUS reports a TLS failure:
>
> eap_ttls: ERROR: TLS Alert read:fatal:unknown CA
> eap_ttls: ERROR: TLS_accept: Failed in SSLv3 read client certificate A
> eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read)
> eap_ttls: ERROR: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> eap_ttls: ERROR: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
> eap_ttls: ERROR: System call (I/O) error (-1)
> eap_ttls: ERROR: TLS receive handshake failed during operation
> eap_ttls: ERROR: [eaptls process] = fail
> eap: ERROR Failed continuing EAP TTLS (21) session. EAP sub-module failed
>
> When I downgrade to 0.9.5-1, the problem goes away. If there is TLS
> functionality that attempts to get trust anchors (and fails), perhaps
> we should update the .gss_eap_id functionality to add a third line
> that allows a trust anchor?
>
> Additionally, when I downgrade moonshot-ui to avoid Bug 1709316, the
> moonshot-gss-eap package appears to cause a segv in the ssh process
> during a call like this:
>
> ssh -Kv <email address hidden>
> :
> :
> debug1: Next authentication method: gssapi-keyex
> debug1: No valid Key exchange context
> debug1: Next authentication method: gssapi-with-mic
> Segmentation fault (core dumped)
>
> This does not happen when I downgrade to 0.9.5-1.
>
> A virtual machine (Virtual Box 5.1) can be provided that demonstrates
> this issue.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/moonshot/+bug/1709337/+subscriptions
>