Comment 8 for bug 1709337

Dan Breslau (dbreslau) wrote : Re: [Bug 1709337] Re: moonshot-gss-eap-1.0.1-1.el6 causes RADIUS TLS error and SSH segv

Thanks, Stefan. Unfortunately, I'm not able to get the VM to boot up.
I'm running VB 5.1.22. I've found that snapshots can be problematic even
between VB point releases. Would it be a problem for you to delete the
snapshot, and then export the VM as an appliance?

That said -- I think I have managed to reproduce the issue using
gss-client and gss-server, so if this *would* be a problem, no worries
(yet :-) .

Thanks,

Dan

On 8/9/2017 3:37 AM, Stefan Paetow wrote:
> Yes.
>
> *Everything* is the latest, including the latest MS package for OpenSSH
> (other than the GSS-EAP and MS-UI packages - for obvious reasons). The
> bash history in the 'sysuser' user has everything you need... The
> command is ssh -Kv <email address hidden> (the local machine
> name).
>
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
>
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: <email address hidden>
> skype: stefan.paetow.janet
>
> jisc.ac.uk
>
> From: <email address hidden> on behalf of Dan Breslau <email address hidden>
> Reply-To: Bug 1709337 <email address hidden>
> Date: Tuesday, 8 August 2017 at 23:17
> To: Stefan Paetow <email address hidden>
> Subject: [Bug 1709337] Re: moonshot-gss-eap-1.0.1-1.el6 causes RADIUS TLS error and SSH segv
>
> Is this the same image that you just emailed me a link to on another
> thread?
>
> It would also be very helpful if you could include details about the
> command[s] you're running when you see this problem. I gather that ssh
> is one of those commands. I'm guessing that that's a moonshot-enabled
> ssh; and if so, what version?
>
> https://bugs.launchpad.net/bugs/1709337
>
> Title:
> moonshot-gss-eap-1.0.1-1.el6 causes RADIUS TLS error and SSH segv
>
> Status in Project Moonshot:
> New
>
> Bug description:
> When using moonshot-gss-eap-1.0.1-1.el6 on a new CentOS 6 box, I see
> the following issue:
>
> When used with the newest moonshot-ui package (see Bug 1709316) in a
> mode that uses .gss_eap_id, RADIUS reports a TLS failure:
>
> eap_ttls: ERROR: TLS Alert read:fatal:unknown CA
> eap_ttls: ERROR: TLS_accept: Failed in SSLv3 read client certificate A
> eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read)
> eap_ttls: ERROR: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> eap_ttls: ERROR: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
> eap_ttls: ERROR: System call (I/O) error (-1)
> eap_ttls: ERROR: TLS receive handshake failed during operation
> eap_ttls: ERROR: [eaptls process] = fail
> eap: ERROR Failed continuing EAP TTLS (21) session. EAP sub-module failed
>
> When I downgrade to 0.9.5-1, the problem goes away. If there is TLS
> functionality that attempts to get trust anchors (and fails), perhaps
> we should update the .gss_eap_id functionality to add a third line
> that allows a trust anchor?
>
> Additionally, when I downgrade moonshot-ui to avoid Bug 1709316, the
> moonshot-gss-eap package appears to cause a segv in the ssh process
> during a call like this:
>
> ssh -Kv <email address hidden>
> :
> :
> debug1: Next authentication method: gssapi-keyex
> debug1: No valid Key exchange context
> debug1: Next authentication method: gssapi-with-mic
> Segmentation fault (core dumped)
>
> This does not happen when I downgrade to 0.9.5-1.
>
> A virtual machine (Virtual Box 5.1) can be provided that demonstrates
> this issue.