f



Another variant of "ssh" working interactively, but "ssh cmd" and "scp" failing

hello, world\n

I've read the SSH and OpenSSH FAQ (motd/.profile issue), googled left
and right and still could not find a solution to the problem. I've got
an embedded box named FOO running OpenSSH_3.7.1p1 on Linux 2.4 on
PowerPC, the shell is a busybox, but using bash does not change
anything. No PAM. This is the situation:

ssh root@FOO       -- works
ssh root@FOO ls    -- fails, no output, no matter what command is given
scp file root@FOO: -- fails, "lost connection"

Here's the debug output for the client and the server. I have also
appended the /etc/ssh/sshd_config. What am I doing wrong?

$ ssh -vvv root@FOO /bin/ls
OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to FOO [172.28.58.13] port 22.
debug1: Connection established.
debug1: identity file /home/sje2bk/.ssh/identity type -1
debug1: identity file /home/sje2bk/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/sje2bk/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/sje2bk/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/sje2bk/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 14
debug1: Host 'FOO' is known and matches the DSA host key.
debug1: Found key in /home/sje2bk/.ssh/known_hosts:14
debug2: bits set: 528/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/sje2bk/.ssh/id_dsa (0xa01a910)
debug2: key: /home/sje2bk/.ssh/identity (0x0)
debug2: key: /home/sje2bk/.ssh/id_rsa (0x0)
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/sje2bk/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /home/sje2bk/.ssh/identity
debug3: no such identity: /home/sje2bk/.ssh/identity
debug1: Trying private key: /home/sje2bk/.ssh/id_rsa
debug3: no such identity: /home/sje2bk/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@FOO's password:
debug3: packet_send2: adding 64 (len 54 padlen 10 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending command: /bin/ls
debug2: channel 0: request exec confirm 0
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug2: channel 0: rcvd ext data 34
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: obuf_empty delayed efd 8/(34)
debug1: permanently_set_uid: 0/0
debug2: channel 0: written 34 to efd 8
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 0: close_fds r -1 w -1 e 8 c -1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status -1
$


Server log on embedded box:

[root@FOO:~]# /sbin/sshd -Dddd
debug3: RNG is ready, skipping seeding
debug2: read_server_config: filename //etc/sshd_config
debug1: sshd version OpenSSH_3.7.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file //etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file //etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 128.87.16.42 port 51306
debug1: Client protocol version 2.0; client software version
OpenSSH_4.2p1 FreeBSD-20050903
debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1
debug2: Network child is on pid 26736
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 501:255
debug1: permanently_set_uid: 501/255
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 123/256
debug2: bits set: 528/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 510/1024
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x10061fd0(55)
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 5
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method
none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: input_userauth_request: setting up authctxt for root
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: user not authenticated
Failed none for root from 128.87.16.42 port 51306 ssh2
Failed none for root from 128.87.16.42 port 51306 ssh2
debug3: mm_request_receive entering
debug1: userauth-request for user root service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x10062130
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x10062130 is disallowed
debug3: mm_request_send entering: type 21
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for root from 128.87.16.42 port 51306 ssh2
debug3: mm_request_receive entering
debug1: userauth-request for user root service ssh-connection method
keyboard-interactive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=root devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for root from 128.87.16.42 port 51306 ssh2
debug1: userauth-request for user root service ssh-connection method
password
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: user authenticated
Accepted password for root from 128.87.16.42 port 51306 ssh2
debug3: mm_send_keystate: Sending new keys: 0x10060ea8 0x10060d28
debug3: mm_newkeys_to_blob: converting 0x10060ea8
debug3: mm_newkeys_to_blob: converting 0x10060d28
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
Accepted password for root from 128.87.16.42 port 51306 ssh2
debug1: monitor_child_preauth: root has been authenticated by
privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 24
debug3: mm_request_receive entering
debug3: mm_newkeys_from_blob: 0x10061e88(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x10061e88(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 3 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max
32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request exec reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug2: fd 9 setting O_NONBLOCK
debug2: fd 9 is O_NONBLOCK
debug2: fd 11 setting O_NONBLOCK
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 26747
debug1: session_exit_message: session 0 channel 0 pid 26747
debug2: channel 0: request exit-signal
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: output open -> closed
debug1: session_close: session 0 pid 26747
debug2: channel 0: read<=0 rfd 9 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: read 34 from efd 11
debug2: channel 0: ibuf_empty delayed efd 11/(34)
debug2: channel 0: rwin 131072 elen 34 euse 1
debug2: channel 0: sent ext data 34
debug2: notify_done: reading
debug2: channel 0: read 0 from efd 11
debug2: channel 0: closing read-efd 11
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: server-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 server-session (t4 r0 i3/0 o3/0 fd 9/9)

debug3: channel 0: close_fds r 9 w 9 e -1
Connection closed by 128.87.16.42
Closing connection to 128.87.16.42

$ cat /etc/ssh/sshd_config
#       $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in
/etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
# Subsystem     sftp    /usr/libexec/sftp-server
------- EOF sshd_config -----

Regards,

    Jens
--
Jens Schweikhardt  http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)





0
usenet8 (38)
2/28/2006 10:56:10 AM
comp.security.ssh 4228 articles. 0 followers. terra1024 (490) is leader. Post Follow

5 Replies
1266 Views

Similar Articles

[PageSpeed] 43

> 
> hello, world\n
> I've read the SSH and OpenSSH FAQ (motd/.profile issue), googled left
> and right and still could not find a solution to the problem. I've got
> an embedded box named FOO running OpenSSH_3.7.1p1 on Linux 2.4 on
> PowerPC, the shell is a busybox, but using bash does not change
> anything. No PAM. This is the situation:
> 
> ssh root@FOO       -- works
> ssh root@FOO ls    -- fails, no output, no matter what command is given
> scp file root@FOO: -- fails, "lost connection"

Are you sure you effectively tried it with bash?  This would be the most
logical explanation, since sshd uses "$SHELL -c ..." to execute remote
commands, and I find this:

syrinx:~% busybox -c /bin/ls
c: applet not found

--
  Richard Silverman
  res@qoxp.net


0
res49 (1410)
2/28/2006 2:17:04 PM
Richard E. Silverman wrote:
>Are you sure you effectively tried it with bash?  This would be the most
>logical explanation, since sshd uses "$SHELL -c ..." to execute remote
>commands

Thanks for your answer. Yes, I am sure:

[root@FOO:/bin]# ll /bin/sh
-rwxr-xr-x    1 root     root       621428 Feb 28 15:30 /bin/sh
[root@FOO:/bin]# unset $BASH_VERSION
[root@FOO:/bin]# /bin/sh -c 'echo $BASH_VERSION'
2.05b.0(1)-release


I also verified that logging in is totally silent (no motd, no output
from rc files)
to confuse sshd.

Should I be worried about these server log messages?
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: output open -> closed

The system's root file system is read-only, but /tmp and /var are
writable
and with plenty of space.

Regards,

        Jens
--
Jens Schweikhardt  http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)

0
usenet8 (38)
2/28/2006 3:57:25 PM
On 2006-02-28, Jens Schweikhardt <usenet@schweikhardt.net> wrote:
> Should I be worried about these server log messages?
> debug2: channel 0: write failed
> debug2: channel 0: close_write
> debug2: channel 0: output open -> closed
>
> The system's root file system is read-only, but /tmp and /var are
> writable and with plenty of space.

Maybe something in /dev?  Try strace'ing sshd and see what it's doing
when that happens.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
0
dtucker1 (251)
3/1/2006 8:59:23 AM
Darren Tucker wrote:
> On 2006-02-28, Jens Schweikhardt <usenet@schweikhardt.net> wrote:
> > Should I be worried about these server log messages?
> > debug2: channel 0: write failed
> > debug2: channel 0: close_write
> > debug2: channel 0: output open -> closed
> >
> > The system's root file system is read-only, but /tmp and /var are
> > writable and with plenty of space.
>
> Maybe something in /dev?  Try strace'ing sshd and see what it's doing
> when that happens.

Okay, here's the strace log (strace -f /sbin/sshd -d -d -d),
trimmed to the interesting part:

[...]
write(2, "debug1: session_by_channel: sess"..., 49debug1:
session_by_channel: session 0 channel 0
) = 49
write(2, "debug1: session_input_channel_re"..., 55debug1:
session_input_channel_req: session 0 req exec
) = 55
socketpair(PF_UNIX, SOCK_STREAM, 0, [8, 9]) = 0
socketpair(PF_UNIX, SOCK_STREAM, 0, [10, 11]) = 0
fork(Process 3522 attached (waiting for parent)
Process 3522 resumed (parent 3504 ready)
)                                  = 3522
[pid  3522] --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
[pid  3522] setsid()                    = 3522
[pid  3522] close(9)                    = 0
[pid  3522] close(11)                   = 0
[pid  3522] dup2(8, 0)                  = 0
[pid  3522] dup2(8, 1)                  = 1
[pid  3522] dup2(10, 2)                 = 2
[pid  3522] getuid()                    = 0
[pid  3522] setgid(0)                   = 0
[pid  3522] open("/etc/group", O_RDONLY) = 9
[pid  3522] fcntl64(9, F_GETFD)         = 0
[pid  3522] fcntl64(9, F_SETFD, FD_CLOEXEC) = 0
[pid  3522] fstat64(9, {st_mode=S_IFREG|0644, st_size=247, ...}) = 0
[pid  3522] mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30017000
[pid  3522] _llseek(9, 0, [0], SEEK_CUR) = 0
[pid  3522] read(9, "root:*:0:root,admin\nbin:*:1:root"..., 4096) = 247
[pid  3522] read(9, "", 4096)           = 0
[pid  3522] close(9)                    = 0
[pid  3522] munmap(0x30017000, 4096)    = 0
[pid  3522] setgroups(5, [0, 1, 2, 3, 6]) = 0
[pid  3522] getuid()                    = 0
[pid  3522] getgid()                    = 0
[pid  3522] write(2, "debug1: permanently_set_uid: 0/0"..., 34) = 34
[pid  3522] setresgid(0, 0, 0)          = 0
[pid  3522] setresuid(0, 0, 0)          = 0
[pid  3522] getgid()                    = 0
[pid  3522] getegid()                   = 0
[pid  3522] getuid()                    = 0
[pid  3522] geteuid()                   = 0
[pid  3522] getuid()                    = 0
[pid  3522] geteuid()                   = 0
[pid  3522] open("/etc/default/login", O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
[pid  3522] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 3522 detached
getsockname(4, {sa_family=AF_INET, sin_port=htons(22),
sin_addr=inet_addr("172.28.58.13")}, [16]) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
write(2, "debug1: Received SIGCHLD.\r\n", 27debug1: Received SIGCHLD.
) = 27
[...]

Obviously the child segfaults very early and thus the parent
gets a SIGCHLD and reaps the exit status. Can you tell
from this if the segfault happens in sshd code or is due to
something outside the responsibility of the sshd?

Regards,

        Jens
--
Jens Schweikhardt  http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)

0
usenet8 (38)
3/1/2006 1:32:36 PM
I wrote:

> [pid  3522] open("/etc/default/login", O_RDONLY|O_LARGEFILE) = -1
> ENOENT (No such file or directory)
> [pid  3522] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> Process 3522 detached
> [...]

It turned out that the sshd version in openssh-3.7p1 has a NULL-pointer
dereference in session.c:child_get_env() when read_etc_default_login()
can not read the file and assign at least SUPATH and PATH. This appears
fixed in 3.9p1 where a test "if(tempenv == NULL) return;" was added.

The workaround for 3.7p1 of course is to create that file containing
these
assignments.

Regards,
         Jens
--
Jens Schweikhardt  http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)

0
usenet8 (38)
3/1/2006 4:57:34 PM
Reply:

Similar Artilces:

""""""""""""""""""""""ADD ME""""""""""""""""""""
Hi , Hope you are doing great. Please let me take this opportunity to introduce myself, Iam Karthik working with BhanInfo Inc, a NY based company. We have consultants on our bench on various technologies, my request is to add me to your distribution list and kindly do send me the requirements. i have the below list available 1. Mainframe 2. Java 3.. Financial Analyst 4. Data Architect If there is any vendor ship agreement which has to be signed then I would like to take an opportunity to represent my company and expect your cooperation... We look forward to build a ve...

"""""""""ADD ME""""""""""
Hi , Hope you are doing great. Please let me take this opportunity to introduce myself, Iam Karthik working with BhanInfoi Inc, a NY based company. We have consultants on our bench on various technologies, my request is to add me to your distribution list and kindly do send me the requirements. i have the below list available 1. Mainframe 2. Java 3.. Financial Analyst 4. Data Architect If there is any vendor ship agreement which has to be signed then I would like to take an opportunity to represent my company and expect your cooperation... ...

Urgent Requirement in """""""""""""NEW YORK""""""""""""""""
Hello Partners, Please find the requirement below. Please send the updated resume along with rate and contact no. REQ#1: Title : Java Developer ( Rating Project) Duration : 6 months Rate : open Location : NY strong java, WebLogic 9.2, Web Services, Oracle REQ#2: Title : Java Developer Duration : 4 months Rate : open Location : NY Strong java, SQL REQ#3: Title : VB.Net Consultant Location : NY Duration : 4 months Rate : open Primarily looking at someone who has Excel, VB.net and Oracle (good to have). Req #4: Title : Java Developer (MSA Project) Duration : 6+ months Rate : open Location : NY Note : Please send your updated resume along with contact no karthik@bhaninfo.com : No phone calls please. Thanks & Regards Karthik BhanInfo karthik@bhaninfo.com ...

"my" and "our"
Hi, while testing a program, I erroneously declared the same variable twice within a block, the first time with "my", the second time with "our": { my $fz = 'VTX_Link'; .... ( around 200 lines of code, all in the same block) our $fz = 'VTX_Linkset'; ... } So the initial contents of the $fz declared with "my" is lost, because "our" creates a lexical alias for the global $fz, thus overwriting the previous "my" declaration. It was my error, no question. But I wonder why Perl doesn't mention this - even with "use s...

"/a" is not "/a" ?
Hi everybody, while testing a module today I stumbled on something that I can work around but I don't quite understand. >>> a = "a" >>> b = "a" >>> a == b True >>> a is b True >>> c = "/a" >>> d = "/a" >>> c == d True # all good so far >>> c is d False # eeeeek! Why c and d point to two different objects with an identical string content rather than the same object? Manu Emanuele D'Arrigo wrote: >>>> c = "/a" >>>&...

why "::", not "."
Why does the method of modules use a dot, and the constants a double colon? e.g. Math::PI and Math.cos -- Posted via http://www.ruby-forum.com/. On Oct 26, 2010, at 01:48 , Oleg Igor wrote: > Why does the method of modules use a dot, and the constants a double > colon? > e.g. > Math::PI and Math.cos For the same reason why inner-classes/modules use double colon, because = they're constants and that's how you look up via constant namespace. Math::PI and ActiveRecord::Base are the same type of lookup... it is = just that Base is a module and PI is a float....

"or" and "and"
Hi, I'm just getting to discover ruby, but I find it very nice programming language. I just still don't understand how the "or" and "and" in ruby... I was playing with ruby and for example made a def to print Stem and Leaf plot (for those who didn't have a statistics course or slept on it, e.g. http://cnx.org/content/m10157/latest/) Here is the Beta version of it: class Array def n ; self.size ; end def stem_and_leaf(st = 1) # if st != (2 or 5 or 10) then ; st = 1 ; end k = Hash.new(0) self.each {|x| k[x.to_f] += 1 } k = k.sort{|a, b| a[0].to_f <=&g...

"out" and "in out"
Hi i found the following explaination: In Ada, "in" parameters are similar to C++ const parameters. They are effectively read-only within the scope of the called subprogram. Ada "in out" parameters have a reliable initial value (that passed in from the calling subprogram) and may be modified within the scope of the called procedure. Ada "out" parameters have no reliable initial value, but are expected to be assigned a value within the called procedure. What does "have no reliable initial value" mean when considering the "out" parameter? By c...

"If then; if then;" and "If then; if;"
I have a raw data set which is a hierarchical file: H 321 s. main st P Mary E 21 F P william m 23 M P Susan K 3 F H 324 S. Main St I use the folowing code to read the data to creat one observation per detail(P) record including hearder record(H): data test; infile 'C:\Documents and Settings\retain.txt'; retain Address; input type $1. @; if type='H' then input @3 Address $12.; if type='P' then input @3 Name $10. @13 Age 3. @16 Gender $1.; run; but the output is not what I want: 1 321 s. main H 2 321 s. main P Mary E 21 F 3 321 s...

about "++" and "--"
why this program snippet display "8,7,7,8,-7,-8" the program is: main() { int i=8; printf("%d\n%d\n%d\n%d\n%d\n%d\n",++i,--i,i++,i--,-i++,-i--); } > why this program snippet display "8,7,7,8,-7,-8" Ask your compiler-vendor because this result is IMHO implementation-defined. Check this out: http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.15 http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.16 Regards, Irina Marudina fxc123@gmail.com wrote: > why this program snippet display "8,7,7,8,-7,-8&q...

Urgent Requirement for """""""""""""""INFORMATICA DEVELOPER"""""""""""""
Hello Partners, How are you ? Please find the requirements below. Title: Database/ETL Developer Duration: 6 months Location: NY Exp: 7+ Locals preferred Database/ETL requirements (Mandatory) Candidate must have worked with financial instruments, preferably Mutual Funds but, Equities are also ok. PL/SQL - packages, Stored procs, Functions, Aggregate functions, Pipelined Functions Informatica 8.6 - especially complex mappings, complex maplets, complex workflows, transformations Oracle 10g/11g Unix/Linux shell scripting ...

Urgent need """""""""""INFORMATICA DEVELOPER"""""""""""""
Hello Partners, How are you ? Please find the requirements below. Title: Database/ETL Developer Duration: 6 months Location: NY Exp: 7+ Locals preferred Database/ETL requirements (Mandatory) Candidate must have worked with financial instruments, preferably Mutual Funds but, Equities are also ok. PL/SQL - packages, Stored procs, Functions, Aggregate functions, Pipelined Functions Informatica 8.6 - especially complex mappings, complex maplets, complex workflows, transformations Oracle 10g/11g Unix/Linux shell scripting Database/ETL requirements (Optional) Data warehousing experience Threading and job concepts in 10g/11g Cost based Optimizer concepts in 10g/11g Must : Experience with XML files and partitioning concepts in Oracle, Collections, Material Views Note : No phone calls please. : send Resumes to karthik@bhaninfo.com Thanks & Regards Karthik BhanInfo karthik@bhaninfo.com ...

Does it need a ";" at the very after of "if" and "for"
write code like: int main(void) { int a=10; if(a<20) {} } Compiler ok on dev-cpp . don't we have to add a ";" after if statement? marsarden said: > write code like: > > int main(void) > { > int a=10; > if(a<20) > {} > } > > Compiler ok on dev-cpp . don't we have to add a ";" after if > statement? The syntax for 'if' is: if(expression) statement There is no semicolon after the ) but before the statement. The statement is either a normal statement (which can be empty), ending in a semicolon:- if(expr) ...

"In" "Out" and "Trash"
I just bought a new computer and I re-installed Eudora Light on my new computer. But when I open Eudora, the "In", "Out" and "Trash" links are not on the left side of the screen the way they were on my old computer. How can I get these links back on the left side of the screen? Thank you. On 25 Mar 2007 09:49:22 -0700, "abx" <abfunex@yahoo.com> wrote: >I just bought a new computer and I re-installed Eudora Light on my new >computer. But when I open Eudora, the "In", "Out" and "Trash" links >are ...

A problem about "[ ]" "( )" "="
I want to read several images saved in a director,and give them to I1,I2 ,I3....,using the following codes: filelist=dir(['c:\MATLAB701\work\...\*.jpg']); for i=1 :length(filelist) I=imread(fullfile('c:\MATLAB701\work\...',filelist(i).name)); end; but failed. Then I used I(i)=imread... ,still failed. How could I do? "John" <mailofww@126.com> wrote in message news:ef19e12.-1@webx.raydaftYaTP... >I want to read several images saved in a director,and give them to > I1,I2 ,I3....,using the following codes: > filelist=dir(['c:\MATLAB701\work\.....

differences among "ssh", "rlogin" and "telnet"
Hi, what are the differences among "ssh", "rlogin" and "telnet"? Which one is better and when are each of these are recommended to use? Thanks. On Thu, 2 Mar 2006, SolarisUser wrote: > what are the differences among "ssh", "rlogin" and "telnet"? Which one > is better and when are each of these are recommended to use? ssh encrypts traffic, the others don't. SSh should always be used, and there's no reason to use the others these days. -- Rich Teer, SCNA, SCSA, OpenSolaris CAB member President, Rite Online Inc. ...

"for" loop inside "ssh"
Hello, I try to use "ssh" command and run "for" loop in remote server. I mean something like: ssh remote_server -l remote_user "for file in `ls *.sql`; do; echo $file; done" Now I get: file: Undefined variable. OS: Sun Solaris Shell: ksh Thank you. On 2014-03-10, shulamitmi3@gmail.com <shulamitmi3@gmail.com> wrote: > Hello, > > I try to use "ssh" command and run "for" loop in remote server. > > I mean something like: > > ssh remote_server -l remote_user "for file in `ls *.sql`; do...

Urgent JAVA Requirement in """"""NEW YORK"""""""""
Hello Partners, How are you ? Please find the requirement below. Location : NY Duration : 8 mnths Rate :Open Job description: Java/J2EE Web Service Developer =B7 (4+ years of application development experience in Java/J2EE and Web service technologies. =B7 Experience with spring & Hibernate. =B7 Experience with J2EE Application Server (preferably Web logic). =B7 Preferable Aqua logic DSP Experience =B7 Preferable Sonic ESB Composite Service experience Experience w...

puts "\\".gsub("\\", "\\\\")
Hello, I have a mini-ruby quiz. Guess what this line of code writes to the console, then try it for yourself: puts "\\".gsub("\\", "\\\\") Why is that so? Martin From: martinus [mailto:martin.ankerl@gmail.com]=20 # Hello, I have a mini-ruby quiz. Guess what this line of code writes to # the console, then try it for yourself: # puts "\\".gsub("\\", "\\\\") puts "\\".gsub("\\", "\\\\") \ #=3D> nil # Why is that so? faq. escaping the escape in sub/gsub. search the archives. maybe you want somethin...

Question about "sprintf" "@" "do for"
Hello, this works: A1=3D1 A2=3D2 A3=3D3 i=3D1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari i=3Di+1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari i=3Di+1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari do for [i=3D1:3]{ vari=3Dsprintf("A%.f",i) print vari } But I want to have "print vari,"=3D",@vari" in the loop. But it dosen't=20 work. Why can't I use "print vari,"=3D",@vari" in the loop? Is there a=20 solution for? J=C3=B6rg Jörg ...

Gary Sokolich """"""
"""""""""" http://www.manta.com/c/mmlq5dm/w-gary-sokolich W Gary Sokolich 801 Kings Road Newport Beach, CA 92663-5715 (949) 650-5379 http://www.tbpe.state.tx.us/da/da022808.htm TEXAS BOARD OF PROFESSIONAL ENGINEERS February 28, 2008 Board Meeting Disciplinary Actions W. Gary Sokolich , Newport Beach, California �V File B-29812 - It was alleged that Dr. Sokolich unlawfully offered or attempted to practice engineering in Texas (...) Dr. Sokolich chose to end the proceedings by signing a Consent Order that was accepted by ...

How to change "/" to "\"
Now, the output as below /a/b/c.txt b/c.txt x:/b/c.txt , Need to change x:\b\c.txt #!/bin/ksh # echo.ksh a=/a/b/c.txt echo $a echo ${a#/*/} y=`echo x:/${a#/*/} | tr -s '/' '\'` echo $y moon wrote: > Now, the output as below > > /a/b/c.txt > b/c.txt > x:/b/c.txt , Need to change x:\b\c.txt > > > #!/bin/ksh > # echo.ksh > a=/a/b/c.txt > echo $a > echo ${a#/*/} > y=`echo x:/${a#/*/} | tr -s '/' '\'` > echo $y > > One escape necessary: echo x:/${a#/*/} | tr -s '/' '\\' Two escapes necessar...

"for" with "else"?
While trying to print a none empty list, I accidentaly put an "else" statement with a "for" instead of "if". Here is what I had: if ( len(mylist)> 0) : for x,y in mylist: print x,y else: print "Empty list" which was supposed to be: if ( len(mylist)> 0) : for x,y in mylist: print x,y else: print "Empty list" Is this to be expected? (python 2.2.2) ++++++++++++++++++++++++++++++= >>> for x in range(5): .... print x*x .... else: .... print "done" .... 0 1 4 9 16...

how to change "/" to "\"
iam new to shell scripting and i have plz can anyone help in changing the pattrern "/" to "\" using the sed command. olympie@gmail.com wrote: > iam new to shell scripting and i have plz can anyone help in changing > the pattrern "/" to "\" using the sed command. sed 's/\//\\/g' will replace all '/' with '\' srp -- http://saju.net.in Saju Pillai <saju.pillai@gmail.com> wrote: >> iam new to shell scripting and i have plz can anyone help in changing >> the pattrern "/" to "\" using ...

Web resources about - Another variant of "ssh" working interactively, but "ssh cmd" and "scp" failing - comp.security.ssh

Resources last updated: 3/7/2016 9:21:06 PM