mentus n00b
Joined: 01 Aug 2003 Posts: 26 Location: São Paulo / Brazil
Posted: Sun Aug 03, 2003 6:46 pm Post subject: openssh crashes
I am having some weird crashes while using the ssh client. Sometimes it will work, but, apparently in a random fashion, it won't, giving me different errors. Most of them are like the following:
Quote:
    $ ssh user@host
    hash mismatch
    key_verify failed for server_host_key
I know for sure there ISN'T a server problem. This happens once in a while when I try to connect to any server.
If I keep running the same 'ssh user@host' command many times, I'll get a fine connection 80% of the time, hash mismatches 15% and 'Floating point exception' on the rest.
I then removed my ~/.ssh/ folder and tried again. It will naturally complain about not knowing the host's authenticity, I reply 'yes' and it shows me
Quote:
    "Warning: Permanently added 'host,ip' (RSA) to the list of known hosts".
Then, sometimes it'll connect just fine to the server, and sometimes I get the same 'hash mismatch' error or, more rarely, a 'floating point exception'.
I had the openssh-3.6.1_p2.ebuild installed. What I tried first was recompiling it with nice CFLAGS (-O1 -march=i586), and also tried changing my USE flags (for this particular ebuild they're -ipv6 -static -pam +tcpd -kerberos -selinux; I tried setting USE=static, USE=-tcpd, etc). But it didn't work. I then tried emerging an ebuild of an older openssh version: openssh-3.5_p1-r1.ebuild. It seemed to work at first but then I noticed that again I had the floating point and hash mismatch errors.
After that I took more extreme measures. I copied the ssh binary from my Slackware 8.1 (openssh 3.2.1p1) to /usr/bin/ssh and tried it out a couple of times. It works most of the time but now I get a different error:
Quote:
    ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature
    key_verify failed for server_host_key
Now that started to get me mad. What I did next was looking through openssh's source code to track down where the heck this 'hash mismatch' was being triggered. It was in 'ssh-rsa.c':
Code:
    if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
        error("hash mismatch");
        goto done;
    }
Which didn't help me much since I never studied openssh's source code before. What I tried then was a dirty trick. I commented out this code snippet, patched openssh and re-emerged it.
It still works most of the time but now it'll give me a different error.
Quote:
    ea45 6767 5834 eb50 0b3c 06d0 0baf 9d24
    Disconnecting: Bad packet length -364550297.
Which means that my trick was useless. I then emerged a non patched version of openssh-3.6.1p2 and now I'm back to zero and totally at a loss.
I've also noticed that the problem is not only on the client but also on the daemon. When I try to connect from outside to my sshd I sometimes get:
Quote:
    ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature
    key_verify failed for server_host_key
Which makes me think it is not something directly related to the client but to the authentication routines.
Does anyone have any idea on this?
PS.: I know it's not someone playing with my connection or trying to intercept it because openssh (both client and daemon) works flawlessly on Slackware.
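The `hash mismatch` branch quoted in the post above is the last step of an RSA PKCS#1 v1.5 signature check: the block recovered with the host's public key must be the SHA-1 DigestInfo header followed by the hash the verifier computed itself. As an added example (not OpenSSH's code and not part of the original post), the C below runs that post-decrypt check on a constructed block; the function names, return codes and sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASN.1 DigestInfo header for SHA-1 (PKCS#1 v1.5); the 20-byte hash follows. */
static const uint8_t SHA1_DIGESTINFO[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
#define SHA1_LEN 20
#define BLOCK_LEN (sizeof(SHA1_DIGESTINFO) + SHA1_LEN)

enum { DI_OK = 0, DI_BAD_LENGTH = -1, DI_BAD_OID = -2, DI_HASH_MISMATCH = -3 };

/* Hypothetical helper: `recovered` is the block left after the RSA public-key
 * operation and padding removal; `hash` is the SHA-1 the verifier computed. */
int check_sha1_digestinfo(const uint8_t *recovered, size_t len,
                          const uint8_t *hash)
{
    if (len != BLOCK_LEN)
        return DI_BAD_LENGTH;
    if (memcmp(recovered, SHA1_DIGESTINFO, sizeof(SHA1_DIGESTINFO)) != 0)
        return DI_BAD_OID;
    if (memcmp(recovered + sizeof(SHA1_DIGESTINFO), hash, SHA1_LEN) != 0)
        return DI_HASH_MISMATCH;  /* the "hash mismatch" case in the post */
    return DI_OK;
}

/* Constructed sample: a well-formed block for a dummy hash, with one bit
 * flipped at index `flip` (pass -1 for none) to model a corrupted result. */
int sample_result(int flip)
{
    uint8_t hash[SHA1_LEN], block[BLOCK_LEN];
    for (int i = 0; i < SHA1_LEN; i++)
        hash[i] = (uint8_t)(0xA0 + i);
    memcpy(block, SHA1_DIGESTINFO, sizeof(SHA1_DIGESTINFO));
    memcpy(block + sizeof(SHA1_DIGESTINFO), hash, SHA1_LEN);
    if (flip >= 0 && (size_t)flip < BLOCK_LEN)
        block[flip] ^= 0x01;
    return check_sha1_digestinfo(block, sizeof(block), hash);
}

int main(void)
{
    printf("intact=%d hash-bit-flipped=%d header-bit-flipped=%d\n",
           sample_result(-1), sample_result(34), sample_result(5));
    return 0;
}
```

A single wrong bit in the hash portion gives the same result whether it comes from a miscomputation in the crypto library or from a signature that was never valid, so the check cannot tell the two apart. The comparison is what ties the host key's signature to this session's exchange hash, so a build without it no longer authenticates the key exchange.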
 |
Dalrain Tux's lil' helper
Joined: 02 Jul 2002 Posts: 136 Location: Wooster, OH USA
Posted: Sun Aug 03, 2003 11:06 pm
Does using
do anything further for giving you information on possible cause?
 |
nin_freak_ Tux's lil' helper
Joined: 03 Aug 2003 Posts: 110
Posted: Sun Aug 03, 2003 11:31 pm
Are you using dhcp to assign hostnames? Because this just means that the key doesn't match up with the ip address from the last time you sshed into it.
Try deleting the .ssh folder from your home directory, that should clear its memory of keys
 |
mentus n00b
Joined: 01 Aug 2003 Posts: 26 Location: São Paulo / Brazil
Posted: Mon Aug 04, 2003 2:10 am
Dalrain wrote:
    Does using
    do anything further for giving you information on possible cause?
I tried it but I don't know if the output is very helpful. Here it goes:
Quote:
    debug3: check_host_in_hostfile: filename /home/mentus/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 2
    debug3: check_host_in_hostfile: filename /home/mentus/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 2
    debug1: Host 'shell.linux.ime.usp.br' is known and matches the RSA host key.
    debug1: Found key in /home/mentus/.ssh/known_hosts:2
    debug2: bits set: 1568/3191
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
This time it worked (it connected to the server).
Quote:
    debug3: check_host_in_hostfile: filename /home/mentus/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 2
    debug3: check_host_in_hostfile: filename /home/mentus/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 2
    debug1: Host 'shell.linux.ime.usp.br' is known and matches the RSA host key.
    debug1: Found key in /home/mentus/.ssh/known_hosts:2
    debug2: bits set: 1605/3191
    hash mismatch
    debug1: ssh_rsa_verify: signature incorrect
    key_verify failed for server_host_key
    debug1: Calling cleanup 0x80607c0(0x0)
This time it didn't.
In both cases it says 'debug1: Host 'shell.linux.ime.usp.br' is known and matches the RSA host key.'. Just can't figure out why the second has a 'hash mismatch'.
Both files are available in full here:
http://www.linux.ime.usp.br/~feferraz/tmp/err_worked
http://www.linux.ime.usp.br/~feferraz/tmp/err_didntwork
http://www.linux.ime.usp.br/~feferraz/tmp/sshd_didntwork [*]
Concerning the line I set in bold, I don't think it may mean anything. The values (X/3191) are not fixed. I have tested it many times and X values always differ (independent of the connection being successful or not).
For instance, I once managed to connect and got:
debug2: bits set: 1597/3191
[*] This last one is the output of a ssh -vvv trying to connect to my sshd.
 |
mentus n00b
Joined: 01 Aug 2003 Posts: 26 Location: São Paulo / Brazil
Posted: Tue Aug 05, 2003 12:03 am Post subject: Apparently fixed
I downgraded my openssl from 0.9.6j to 0.9.6i-r2. Then I reemerged openssh. So far this seems to have fixed the problem. I have tested it hundreds of times now and no 'hash mismatch' problem.
Seems like a broken openssl is being delivered through portage. Anyways, I'll test it further and if this is indeed the case I'll file up a bug report.
Anyone using openssl 0.9.6j willing to do some testing?