[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with OpenSSH

To: heimdal-discuss@sics.se, "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Subject: Re: Problem with OpenSSH
From: Antoine MILLET <antoine.millet@staff.epita.fr>
Date: Wed, 01 Aug 2007 19:37:29 +0200
In-Reply-To: <17ADCCB3-257F-4B41-9B18-FB1AD687CFA4@ece.cmu.edu>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <46B0B05E.6000705@staff.epita.fr> <66E4628F-F911-4AE0-B86E-D95EFF9FC0FE@ece.cmu.edu> <46B0BA6E.3090104@staff.epita.fr> <17ADCCB3-257F-4B41-9B18-FB1AD687CFA4@ece.cmu.edu>
Reply-To: heimdal-discuss@sics.se, Antoine MILLET <antoine.millet@staff.epita.fr>
User-Agent: Thunderbird 2.0.0.5 (Windows/20070716)

Brandon S. Allbery KF8NH wrote:
>
> On Aug 1, 2007, at 12:53 , Antoine MILLET wrote:
>
>> And any idea about the fact that openssh doesn't forward ticket and 
>> request password each time I want to log on another computer in our 
>> park ?
>>
>> Thanks in advance.
>
> I'd make sure (1) the tickets are forwardable and (2) 
> GSSAPIDelegateCredentials is turned on.  (The latter seems to be the 
> most common problem, as default sshd configs tend to enable GSSAPI for 
> auth but disable credential delegation, thus preventing the forwarded 
> ticket from being used for anything.)
>
Sorry for my first mail, it's not in sshd_config but in ssh_config.

I use the sshd_config with (default for the rest) :
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

And I use the ssh_config with (default for the rest) :
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

But now I've a segfault with ssh client... I'm trying to ktrace ssh 
binary but just after the read of ~/.ssh/know_hosts, I obtain :

  6844 ssh      RET   read 391/0x187
  6844 ssh      CALL  close(0x4)
  6844 ssh      RET   close 0
  6844 ssh      CALL  write(0x3,0x8095000,0x10)
  6844 ssh      GIO   fd 3 wrote 16 bytes
       0x0000 0000 000c 0a15 0000 0000 0000 0000 
0000                                                                        
|................|

  6844 ssh      RET   write 16/0x10
  6844 ssh      CALL  write(0x3,0x8095000,0x30)
  6844 ssh      GIO   fd 3 wrote 48 bytes
       0x0000 3c53 c90b 446d 5ccc cfdd 4296 ac72 777e a55a 34d8 aa34 
9a72 7067 3b12 2a2a 790c f8ca e726 50e2 45e5 b3fd 2bd6  
|<S..Dm\...B..rw~.Z4..4.rpg;.**y....&P.E...+.|
       0x002c 67d6 
aaa3                                                                                                      
|g...|

  6844 ssh      RET   write 48/0x30
  6844 ssh      CALL  select(0x4,0x8092d50,0,0,0)
  6844 ssh      RET   select 1
  6844 ssh      CALL  read(0x3,0xbfbfbe40,0x2000)
  6844 ssh      GIO   fd 3 read 48 bytes
       0x0000 ce97 34ca eb0c b61a fb40 5e6e ee77 2a92 c3ee fc5e 8d6f 
516e d17b 8eac 49af 3da5 5664 54e7 2b97 2341 b4dd b2d4  
|..4......@^n.w*....^.oQn.{..I.=.VdT.+.#A....|
       0x002c 84a4 
d855                                                                                                      
|...U|

  6844 ssh      RET   read 48/0x30
  6844 ssh      CALL  write(0x3,0x8095000,0x40)
  6844 ssh      GIO   fd 3 wrote 64 bytes
       0x0000 4834 fd22 4078 b8d3 bd6f 7d7c 3d8e 836e 24d3 7e91 b411 
aa19 9be0 18c1 58ff f924 2b17 89b4 dfd2 9c18 5b33 3a6e  
|H4."@x...o}|=..n$.~.........X..$+.......[3:n|
       0x002c afe1 92b9 a9b0 fc29 9d18 7127 5675 f708 1066 
c3e1                                                              
|.......)..q'Vu...f..|

  6844 ssh      RET   write 64/0x40
  6844 ssh      CALL  select(0x4,0x8092d50,0,0,0)
  6844 ssh      RET   select 1
  6844 ssh      CALL  read(0x3,0xbfbfbe30,0x2000)
  6844 ssh      GIO   fd 3 read 80 bytes
       0x0000 b986 0d06 b6c9 18ab 42ef 9b1e 767d 34fd 273d 3e48 9b8a 
d82e 757c daf0 44d8 e372 2d45 65a0 0946 6b5e 18e8 c25c  
|........B...v}4.'=>H....u|..D..r-Ee..Fk^...\|
       0x002c 5b48 af11 d7f1 8403 1bbc 22fe f97a 1215 e1fd 8723 e1af 
0f97 3887 f844 3dcc 7e50 f6a9 147b                      
|[H........"..z.....#....8..D=.~P...{|

  6844 ssh      RET   read 80/0x50
  6844 ssh      CALL  open(0x2822cd21,0,0x1b6)
  6844 ssh      NAMI  "/etc/gss/mech"
  6844 ssh      RET   open -1 errno 2 No such file or directory
  6844 ssh      CALL  issetugid
  6844 ssh      RET   issetugid 0
  6844 ssh      PSIG  SIGSEGV SIG_DFL


I don't understand why ssh segfault...

Thanks in advance for all of your help.

-- 
Cordialement.

Follow-Ups:
- Re: Problem with OpenSSH
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Problem with OpenSSH
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

References:
- Problem with OpenSSH
  - From: Antoine MILLET <antoine.millet@staff.epita.fr>
- Re: Problem with OpenSSH
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
- Re: Problem with OpenSSH
  - From: Antoine MILLET <antoine.millet@staff.epita.fr>
- Re: Problem with OpenSSH
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

Prev by Date: Re: Bug in kinit and afslog
Next by Date: Re: Bug in kinit and afslog
Prev by thread: Re: Problem with OpenSSH
Next by thread: Re: Problem with OpenSSH
Index(es):
- Date
- Thread