sshd core dumps while trying to connect with a password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
thinkfinger (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: openssh-server
Running
Linux tp61p 2.6.22-14-generic #1 SMP Tue Feb 12 02:46:46 UTC 2008 x86_64 GNU/Linux
on a Thinkpad T61p; the finger print reader is configured and works.
Connecting to Ubuntu via ssh with password fails ; connecting via ssh with public key works.
In most cases the sshd silently dies; but in some cases it prints some output before dieing if executed with the -d parameter. Examples:
# first example
xtrnaw7@tp61p:~$ sudo /usr/sbin/sshd -p 1234 -d
Password or swipe finger:
debug1: sshd version OpenSSH_4.6p1 Debian-5ubuntu0.1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[
debug1: rexec_argv[3]='-d'
debug1: Bind to port 1234 on 0.0.0.0.
Server listening on 0.0.0.0 port 1234.
socket: Address family not supported by protocol
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.164 port 50182
debug1: Client protocol version 2.0; client software version Sun_SSH_1.2
debug1: no match: Sun_SSH_1.2
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: permanently_
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: SSH2_MSG_
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user xtrnaw7 service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "xtrnaw7"
debug1: PAM: setting PAM_RHOST to "pb001"
debug1: PAM: setting PAM_TTY to "ssh"
Failed none for xtrnaw7 from 192.168.1.164 port 50182 ssh2
debug1: userauth-request for user xtrnaw7 service ssh-connection method password
debug1: attempt 1 failures 1
debug1: do_cleanup
Segmentation fault (core dumped)
# second example:
xtrnaw7@tp61p:~$
xtrnaw7@tp61p:~$ sudo /usr/sbin/sshd -p 1234 -d
debug1: sshd version OpenSSH_4.6p1 Debian-5ubuntu0.1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[
debug1: rexec_argv[3]='-d'
debug1: Bind to port 1234 on 0.0.0.0.
Server listening on 0.0.0.0 port 1234.
socket: Address family not supported by protocol
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.164 port 46810
debug1: Client protocol version 2.0; client software version Sun_SSH_1.2
debug1: no match: Sun_SSH_1.2
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: permanently_
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: SSH2_MSG_
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user xtrnaw7 service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "xtrnaw7"
debug1: PAM: setting PAM_RHOST to "pb001"
debug1: PAM: setting PAM_TTY to "ssh"
Failed none for xtrnaw7 from 192.168.1.164 port 46810 ssh2
debug1: userauth-request for user xtrnaw7 service ssh-connection method password
debug1: attempt 1 failures 1
Error: Bad address.
*** glibc detected *** sshd: xtrnaw7 [priv]: malloc(): memory corruption (fast): 0x00005555557cf8b0 ***
======= Backtrace: =========
/lib/libc.
/lib/libc.
/lib/libc.
/lib/libc.
/lib/libc.
/lib/libpam.
/lib/security/
/lib/security/
/lib/libpam.
/lib/libpam.
sshd: xtrnaw7 [priv][
sshd: xtrnaw7 [priv][
sshd: xtrnaw7 [priv][
sshd: xtrnaw7 [priv][
sshd: xtrnaw7 [priv][
sshd: xtrnaw7 [priv][
sshd: xtrnaw7 [priv](
/lib/libc.
sshd: xtrnaw7 [priv][
======= Memory map: ========
40000000-40001000 ---p 40000000 00:00 0
40001000-40801000 rw-p 40001000 00:00 0
40801000-40802000 ---p 40801000 00:00 0
40802000-41002000 rw-p 40802000 00:00 0
2aaaaaac0000-
2aaaaaacd000-
2aaaaaccd000-
2b3f41798000-
2b3f417b5000-
2b3f417b8000-
2b3f417c8000-
2b3f419b4000-
2b3f419b6000-
2b3f419be000-
2b3f41bbd000-
2b3f41bbf000-
2b3f41bc9000-
2b3f41dc9000-
2b3f41dca000-
2b3f41dcc000-
2b3f41fcc000-
2b3f41fce000-
2b3f41fe5000-
2b3f421e4000-
2b3f421e6000-
2b3f421e8000-
2b3f42343000-
2b3f42543000-
2b3f42566000-
2b3f42569000-
2b3f4256b000-
2b3f4276a000-
2b3f4276c000-
2b3f42782000-
2b3f42982000-
2b3f42983000-
2b3f42984000-
Aborted (core dumped)
xtrnaw7@tp61p:~$
xtrnaw7@
Port 22
Protocol 2
HostKey /etc/ssh/
HostKey /etc/ssh/
UsePrivilegeSep
KeyRegeneration
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentic
IgnoreRhosts yes
RhostsRSAAuthen
HostbasedAuthen
PermitEmptyPass
ChallengeRespon
PasswordAuthent
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/
UsePAM yes
xtrnaw7@
auth required pam_env.so # [1]
auth required pam_env.so envfile=
@include common-auth
account required pam_nologin.so
@include common-account
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
@include common-password
Can't reproduce in hardy.
nxvl@LePew:~$ sudo /usr/sbin/sshd -p 1234 -d 0]='/usr/ sbin/sshd' 2]='1234' OpenSSH_ 4.7p1 Debian-5ubuntu1 set_uid: 114/65534 KEX_DH_ GEX_REQUEST received KEX_DH_ GEX_GROUP sent KEX_DH_ GEX_INIT KEX_DH_ GEX_REPLY sent use_uid: 1000/1000 (e=0/0) .ssh/authorized _keys use_uid: 1000/1000 (e=0/0) .ssh/authorized _keys2 child_preauth: nxvl has been authenticated by privileged process set_uid: 1000/1000 init_dispatch_ 20 input_channel_ open: ctype session rchan 0 win 1048576 max 16384 request input_channel_ open: confirm sess...
debug1: sshd version OpenSSH_4.7p1 Debian-5ubuntu1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[
debug1: rexec_argv[3]='-d'
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
debug1: Bind to port 1234 on 0.0.0.0.
Bind to port 1234 on 0.0.0.0 failed: Address already in use.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 52375
debug1: Client protocol version 2.0; client software version OpenSSH_4.7p1 Debian-5ubuntu1
debug1: match: OpenSSH_4.7p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug1: permanently_
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_
debug1: SSH2_MSG_
debug1: expecting SSH2_MSG_
debug1: SSH2_MSG_
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user nxvl service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "nxvl"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user nxvl service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
Failed none for nxvl from 127.0.0.1 port 52375 ssh2
debug1: temporarily_
debug1: trying public key file /home/nxvl/
debug1: restore_uid: 0/0
debug1: temporarily_
debug1: trying public key file /home/nxvl/
debug1: restore_uid: 0/0
Failed publickey for nxvl from 127.0.0.1 port 52375 ssh2
debug1: userauth-request for user nxvl service ssh-connection method password
debug1: attempt 2 failures 2
debug1: PAM: password authentication accepted for nxvl
debug1: do_pam_account: called
Accepted password for nxvl from 127.0.0.1 port 52375 ssh2
debug1: monitor_
debug1: PAM: establishing credentials
debug1: permanently_
debug1: SELinux support disabled
debug1: Entering interactive session for SSH2.
debug1: server_
debug1: server_
debug1: input_session_
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_